Malware Analysis Report

2025-01-18 00:13

Sample ID 240613-qyz4lsvgnl
Target a5d65585b35983537b141f69a38efce6_JaffaCakes118
SHA256 93b5a95a975c412ef42fe038a2ef3858316dffb6f4e1e8c7276f85e6f40442cf
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

93b5a95a975c412ef42fe038a2ef3858316dffb6f4e1e8c7276f85e6f40442cf

Threat Level: No (potentially) malicious behavior was detected

The file a5d65585b35983537b141f69a38efce6_JaffaCakes118 is an HTML document. Neither detonation (Internet Explorer on win7-20240220-en, Microsoft Edge on win10v2004-20240226-en) produced behaviour that the scoring engine rates as malicious, which is why the score is 1/10.

The score is driven by host-side signatures only. The Network section of the Internet Explorer run records a DNS lookup for coinhive.com and two TCP connections to 104.21.57.186:443 under that name; coinhive.com was the domain of the Coinhive in-browser Monero mining service (shut down in 2019), and the automated score does not weight it. A page that still references that domain deserves a manual look at its script content even when the sandbox verdict is clean. The Edge run does not contact coinhive.com. The remaining third-party hosts contacted in both runs (saltworld.net, gamingw.net, www.gravatar.com, i1.wp.com) are resources the page loads; gravatar.com and i1.wp.com are Automattic (WordPress) image services, and the microsoft.com and bing.com endpoints are the browsers' own telemetry.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:40

Reported

2024-06-13 13:43

Platform

win7-20240220-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8EFA0B81-298A-11EF-85B9-4A8427BA3DB8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0135b6597bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447923" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1a2d86130682e479f4d2d6731a5a54b00000000020000000000106600000001000020000000a110089113d8c4ab14ba27b499f55f11aed463565b42e49fd09f024117113531000000000e8000000002000020000000f8eed3fbd69268cfd203c2c03a35e7550649e01ead9744e4e20dd40616beab7f20000000da57f7769ac1abf206bb8f0396434c2d23a89692e24c6d9dc590f5a8093eeb61400000006d534aa9ecada4f15818f87d3e3eda1aa13ac75ca71fa790099be367998c3969a07d0b4466cf8761f4fb12539e7cfae15a207fed1faa530bee8a40d151322ab9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a1a2d86130682e479f4d2d6731a5a54b0000000002000000000010660000000100002000000016b761b8a62d4ce25f96a0fb79b84d9f18845b1d9017af025f11b4cdb564d618000000000e80000000020000200000001a5fc8f7fb28b4c58a8c2b1094bcabd4703cb918197ec92561da4def0d533c0190000000d0895af73898825e4a1dd6c8e656c157b149b7a205189959e24959795664a14dd9ecb04d462c5603a6b6f45f0648601be383b473a28523943e8c7744311a3a8a376ed4875bab85731118a06df791f780581cfd96edcc1c218da50db4f7dc66bc44df1f02d74d3d0c3169b5d5e393bef0c161369b768731a551b70e3f7d03fd2985c9b7519c0fe58156d0732c95ce5cf740000000d44a1b54111cabe721a68e774259733d74ce8b43d0487a3aba0de41597e275191d6e474900d1aac060f04833cd52562c06c222ef79b435fe537b3cd099994474 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
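Every key in this table (Recovery, TabbedBrowsing, IntelliForms, DomainSuggestion, Window_Placement and so on) is written by Internet Explorer's own session bookkeeping when it opens a document, so the "Modifies Internet Explorer settings" signature fires for any HTML file detonated under iexplore.exe and says nothing about this sample; the Edge run of the same file produced no signatures at all. The REG_BINARY values are still worth decoding as a consistency check on the run. The script below is an added example, not part of the report or the sandbox's tooling: it decodes the LastProcessed FILETIME (which lands at 2024-06-13 13:41:29 UTC, inside the run's Submitted/Reported window, assuming the sandbox clock is UTC, which the report does not state), parses the Window_Placement WINDOWPLACEMENT structure, and recognises the DecayDateQueue and MFV values as DPAPI-protected blobs by their header, meaning they cannot be decrypted outside the sandbox user's profile. The hex strings are copied from the table; the structure layouts are the documented Windows ones.

```python
"""Decode three REG_BINARY values from the 'Modifies Internet Explorer settings' table.

Added example, not part of the original report. The hex strings are copied from the
table; the layouts are the documented Windows FILETIME (100 ns ticks since
1601-01-01 UTC), WINDOWPLACEMENT and DPAPI blob header formats. Assumption: the
sandbox's Submitted/Reported clock is UTC, which the report does not state.
"""
import struct
from datetime import datetime, timedelta, timezone

# TabbedBrowsing\NewTabPage\LastProcessed (little-endian FILETIME), from the table
LAST_PROCESSED_HEX = "f0135b6597bdda01"
# Main\Window_Placement (44-byte WINDOWPLACEMENT), from the table
WINDOW_PLACEMENT_HEX = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                        "2400000024000000aa04000089020000")
# First 24 bytes of TabbedBrowsing\NewTabPage\DecayDateQueue, from the table
DECAY_DATE_QUEUE_PREFIX_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000"

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# DPAPI CryptProtectData blob: DWORD version 1, then provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb} in its on-disk (mixed-endian) byte order.
DPAPI_HEADER = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")
SHOW_CMD = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}


def decode_filetime(hex_le):
    """Little-endian FILETIME hex, as the sandbox prints REG_BINARY data, to an aware UTC datetime."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def decode_window_placement(hex_le):
    """WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd, POINT min, POINT max, RECT normal."""
    blob = bytes.fromhex(hex_le)
    length, flags, show_cmd, *coords = struct.unpack("<IIIiiiiiiii", blob)
    if length != len(blob):
        raise ValueError(f"length field {length} does not match {len(blob)} bytes")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "showCmd": SHOW_CMD.get(show_cmd, show_cmd),
        "ptMinPosition": tuple(coords[0:2]),
        "ptMaxPosition": tuple(coords[2:4]),
        "rcNormalPosition": tuple(coords[4:8]),
    }


def is_dpapi_blob(hex_le):
    """True if the value is DPAPI-protected: decryptable only with the sandbox user's master key."""
    return bytes.fromhex(hex_le).startswith(DPAPI_HEADER)


def in_detonation_window(ts, submitted, reported):
    """A timestamp the browser wrote during the run must lie between Submitted and Reported (minute precision)."""
    fmt = "%Y-%m-%d %H:%M"
    lo = datetime.strptime(submitted, fmt).replace(tzinfo=timezone.utc)
    hi = datetime.strptime(reported, fmt).replace(tzinfo=timezone.utc) + timedelta(minutes=1)
    return lo <= ts < hi


if __name__ == "__main__":
    ts = decode_filetime(LAST_PROCESSED_HEX)
    print("LastProcessed:", ts.isoformat(),
          "within run:", in_detonation_window(ts, "2024-06-13 13:40", "2024-06-13 13:43"))
    print("Window_Placement:", decode_window_placement(WINDOW_PLACEMENT_HEX))
    print("DecayDateQueue is DPAPI:", is_dpapi_blob(DECAY_DATE_QUEUE_PREFIX_HEX))
```

A LastProcessed value outside the Submitted/Reported window would point at a clock problem in the sandbox image rather than at the sample; Window_Placement decodes to a maximised window with a 36,36 to 1194,649 restore rectangle, which is the frame process recording its own geometry.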

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1248 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:80 saltworld.net tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 188.114.97.2:443 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I819HQXH\e93d7024558d2ee595265c43dc1084df[1].htm

MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
SHA512 21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

C:\Users\Admin\AppData\Local\Temp\Tar10AC.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab10A7.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20c14acf66023ec544fad14e0be7b278
SHA1 ad162ec8f169427f1fd1425ebe52ba6bcf3fe737
SHA256 a9fcd3d439e6a8876c5bfc146e589bad36fc0cbff3773043a9cb0458d3d02c4d
SHA512 90cfc620bfcbf41e7d58b1ff456461eb57f179664719854fb4caab86ff05d9a418a1f049c824656ecc35e816c1792dfc197012193203a33f73a891b8b22e1298

C:\Users\Admin\AppData\Local\Temp\Tar11BE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9feb8c8ade4230da5842cf6163ddd8a
SHA1 74bd5dad64d37ca4de06bdf30a7a65840affe034
SHA256 7049e7fdf0db49eb091dd47a05dc7e9fb2fedcb6455c21b8383e20593c4bf5b7
SHA512 3f441ca76e4dc64778cd585c5bdf679d8d4316f8220d712e058e79f251fdde7c4d3713c35238fb124a3b0b71b8e3de23a0bf2edcd583dfa85c7117f3b7c8afb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 3cc1de7f51fd2fc0e089ab65bf48a283
SHA1 1cebbbd1205c5eb5033d339841889ddca2a3d818
SHA256 25a53ffb2bb1d133e8d2b5f93cfa8c0c18d2378dc174eb29c6d7500e2d756a16
SHA512 bc8fd0baefb5c35d504cef3b50bf088ce7abeb0ce2e930a045b03e490cd1eb05b41fee661d86a10e15c7efb731fbfcfe456372283f668ba3d74bce1c0484287e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 2c7ecdbbb063ea5981f2aabe7fcf9ac2
SHA1 5c92e25fa96ac7eb2d432563ce62be6a11dbd232
SHA256 a6420b0e8db153c246988af7382bb94364fe491631d88ca68f800e83750489c4
SHA512 8d7258ae557ce5f5fb98fa4da2f55036df3ebe308392f656a1bc21cf09f0d335ada0b44503fb523b16e8067bc7803f7e20e5e05bdfcc9b4ef970e763975b8c93

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 b70cee0f5138219184bc7fedfd8b7594
SHA1 82c44d89a098c5b820f2d9b5876330b6fa4bca36
SHA256 c97d828432c4da5df00ef3819331609d7620008b8488557f1f34c1318029dd74
SHA512 8f0a421106be3fbe34d36cb51925ed3fb31f4edb51bd4b59fa04c789c15945f75606fb3c730a4181a5bbd4f6b633824883f914525fae2c57821fd60c781028bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 5fbbd11da1447361d95430e07018c9c3
SHA1 23934454aa9c6076fe25696a8223c63ff258f496
SHA256 9018fa7df4d8c5ac5f77c69f1a33e696bbc91e2d44a64d3b81274c510242b2ff
SHA512 c3d1b0ed8493b07dbb496c8369c34011c9cd46c8020f9a693aa807baa5e375a09c0d633f14f05212d2e6ac7c4802e69bc13c186eb95086e0220a26a5523f4b7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6c13f651783ca34d1c9097ba2ec2a7d
SHA1 d4bc51dd15e199b3773e05196e2fa54652060ea9
SHA256 72b9d8377a2fec2f4ff53708179f9fc00a451a8aa27afe0ebd7e1ed223d4bed7
SHA512 90acf2652143393691bd265a595a2090ba02ef0c41ea71bef4f03e873935e9c68be483a6d6a88d5e869681e9fc1892eb9d0661bebfdff65f29b45a3647be83d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70c1fc659f1c0f13e53363e2d70de26c
SHA1 33e36a186718d54be83c234a98447dd855329eee
SHA256 6e03dfcb58f898564c7dd6079663523a8f6570a6d32a290ebb9e70abbc8d2ad1
SHA512 b4d463ae57d9ccee672a3f8ac52b16fe2923d6407994257e18f4bf42474be077c21c3b85df711cc3248eaceff378997504c632bb2750144c666aa4729419b3cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bdc57c43c9a8cf254dd897fa81a2ce3
SHA1 231ca157a46069d5b048a7594d0a37bb59bf3e70
SHA256 24a3aae16226c18cbeb216d9894193d43096487d42978a5770df4bb4619ba8b5
SHA512 fe1bdb4899c017f0555fb06b9e5933d70a4cc74f1dab654cbb41fb7dfcc6f2469cdca4ea80b208ef59c978126694d44bda74aa3175edbeac3e955664f48a838c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5d6cc93e7db16d9d4056e54e16c0369
SHA1 64bc44036465841678764d3e9b3950427119292d
SHA256 cf625c95d6ff76287c39a4e3ad38df207e678ac3f5968ef03f9e09cb34104572
SHA512 96a65552300401abd97d401c581609e37bf7241b8df15f9ecd33fd6f543f312b0f32f4597e2cf9bd5eb5eb3ce7a297c9c0945afc82f9606a817a88e8300fe200

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92ef9053ee22d662430b0b2b0487476f
SHA1 9e6554ee2f9b7f2401bf3b5293c5634eaa59d66e
SHA256 00bccc6b58fb3dc8e780b780c9ad700ba2a7bbde02d8ccc97196d0b5f217281b
SHA512 9a6ff2b2392daa149347baa347d652dc54bffd6015c90ffe11c348a849a1a47291f70dfde5f93d8e5d848f19c7963597aee83d1fab42b1397d30250f61be1ef1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b835b8eecf592c6f728f30a725eca989
SHA1 d097fde05145964dafe0fb41afdaf8090031ccd9
SHA256 afb4172b4160dd858d769431a17f365af8bdffe96e6e46fcd47a8e56e8b5b3d5
SHA512 5cf7387a56520d89376a349e39ade15247d6629afa24cf111ab4440973b616334bbffe675b870b78148339a7fc7840b1abf1ab49aaf441fb04b96b535f388e7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efb4ec499ea28ed2785527d1a92d3af4
SHA1 481979ba62837e681b4c22d6f8c43c7e489b08da
SHA256 2197a3d547cd9d7811e947e8e5f1f846c6eb3c9f11d7db6740f26dd15188774b
SHA512 3f922bfdc5496360e590aa447e205412134ce5b86a0fcc642769102023c1d5df27380439340672029fec02ab4b9fd0bd45c9ff7a4a052a9ecef7dd80f76cba43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0d99289b98d018ae4395336e2e79227
SHA1 2b528b3ecfd5a4d6710869acfba76446d5741e88
SHA256 bd6653040dc4d4d52047d2eeba8f200d1c3760c7985cc684785e9170b2afa88d
SHA512 f64234a92055ffb9816f7a504e80bccdf5a496a88685134ea57ebbee1d1d828de319d5734a1c9cfb50da834ad632d2e2c397010a48eda839485efb0b0b5a185e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69ad6afdc470928f022689099c244a47
SHA1 d3dd9da75aaa0f8ab0b1d6b26bc8a5668d98f207
SHA256 b4335ce2cb06eb925a3f6672ed194f97395d3134ef9b8e2e5650c32c387bfdb0
SHA512 9ce99ae3c5003e70222ec4aa0e3b2248fecd38035e63bb47a4131bcd50ffbfe42c9889215efb27ab4c1e00fd7b5b66ca5298a8486e8a96484b166544a64cc86c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03ded0ab4ad1923f76a138af280ab9eb
SHA1 e91501cd0fc2161964f875a1341919c2147b5bed
SHA256 c2a0cebbce13006230883eef9d24c64e4ac370306dce14f8f42003a11e728cb4
SHA512 2c504143944cf6afbcf3c3894411c8ce2d9a2a63eeed0f257d22e2f0f861d231e626297883f648daf8fc8b8ca1d9eaa891fc4b17c27c95687cc2a4901db4f111

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 23fb28fbd67fe0ca2489b9935937d502
SHA1 0ef8c41b0e619d0663d9b08f5c0b2b7a7a88ee3f
SHA256 e380bb645d205472fd5f2234343139cae65efc9b0ada34135591f9c40359f623
SHA512 a76323e40bae33b6452177525cb1c7628da85be1a4f53bc7c1d4b0a9f7f83c70000fe6e1107ba790c7dac51eb7e764772f7dfd731428e75fcdac90bbdc5a8e25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39d9da4a904593ecc2350209ee3b2b13
SHA1 f4c8e2ae7aec8baa1f5ecdba2516db9ca4f07ef3
SHA256 c01994c506ae265c22d216f93f9dc211c2cde5657412cb0353c5bc97cd2a6348
SHA512 11f1c5c7a4c2bd3010e53dda0a1c315ee8e10911e499a44eb0d291532f30978972582adb14c825df6adf832a3c454908976314cd9e752ae161c2885900cd131f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21cd411eb8a2d60dedb72f58a77a483b
SHA1 83a97576e82e5c6ef913ebc81d12066e844841de
SHA256 5c8a703a3e189f8d16ed8e8b72665010a60c5338d74c901cb5d4e7a648fdb0d1
SHA512 84e18ee3190db870254e7f4aba4faaabb2c78029a3178fba0abe368f41a0be5b0f551fcddeb81677589053695cd08cc7523f63e1a7bcdd1fd691ec09e78354b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57b16b24dffe8c65754bb0b120e2f6e8
SHA1 2c0bda709870c7dc102f77cefe5fd5b9f5db0092
SHA256 1fc5f7d1df7577bdc4d96367b0552f9bab5dbc00136878d181cdaba891e5610b
SHA512 e055b57b9434ffe8b68983726dd0392315fa2e31e118c97f67e8f032c8e188602004d171fe9e5f70f065543a5e3dd17e3434c241a40dc8a6ffea17dd4f837bef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97558c578b15d7ba1bd148bdaee01c8b
SHA1 9808fd7003f4da3d5a08b14b4cef2ebe4a89dd14
SHA256 4b2753fbdd941d6a4b049ba184cb7fab2128c2b8000c1af103f897457961e83a
SHA512 1f0669adb076e6a0aeb8489cab31fcd35ceaa51411293f8926b49db2dd4514363c775c380f34f6d6273ee267a5042e2c7cd1e64d190c9f8c3b96729ee4a57866

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6e4245f78292d8d5c3e0511bd3179d7
SHA1 b15c9dd33eaa54ba30caa0a71930a66a538a0bfe
SHA256 48a0488a5315bb805df1703b2237a0852fa37da87678873783d6d425dac1a08c
SHA512 3e615acb65b031ff6fd9cbdfa9a34c5d0c392f4375c8ae9670d356dfeeeafafee48c26580d9e03d1b4206209679479060701d16d097f12ff7bc2b6f9a5287183

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 61e30405e32804ec4afb77d696a61e86
SHA1 74a7856db3968c0264929e50330ab532b0fcb982
SHA256 04d9d8cab2b8bdd6a55789ef15139450a07336e8cbaa9bf5e7c5fff81613086c
SHA512 7a540b7bb6b26490aade64ed7d1df733d2c2f4209aa352deb38a7b077eae0e62540c0404e5798626afe5659a8fccb5ccb472360e8b7241f6296e5f66c98bb34f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 430d07ba086262f52828f3bee488d042
SHA1 640acb4a4e89b94e816bbd020c1177df90e856ac
SHA256 1b833856870ec8e55ef1c66b11f681beb2095a208036f7ca0cf3be8bb2c66a34
SHA512 dcf3e52dec3d6c806410c9dd324f8acedd203fe3490adf3ab4c541a99421c405866d4fa3d016d0ef30026103ebc63420f8d5ff2e2b3f2cf45c88c1f0c764ba1a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7139f5377cfc9cb0f03fbe05e7cb5e84
SHA1 94eb429ffbfd0d0fde0e4999004c06771ef4382b
SHA256 74eb516f04122329179b38f399e10903ba4f2ae4d913dfd0740c9e18f9f26300
SHA512 36ba81640282852f1b499e19c550e19337ee03166bea804d8623927437da18054d07849dc1d26960fcb5e7cb1dac3f69992a94cd0b24bc0c2e13e33f39f708c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76417b417db4c803e01c044353f4a27a
SHA1 12c5096644c3a0969cccba648041a1e1ee1c09e7
SHA256 71408922241a2de921f45e395f104c8dca75f9e5c8901065bffd7e7dafa7ef62
SHA512 031446ba4f4023d6dd3ba88d0f4125e629b47e55b676bd7e07f2a2f3829e6c05230fc58becd5d2744120e74acb5747fb2666ad947ed0779ca6c56f933d461cf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a95f2aa05ab95b2a2e583ebb5433912e
SHA1 503193719ed461d099d9b9e6215b5789bcd98231
SHA256 36e189c38c15f2b60e4392f2c1943ea6b2d56f7bf82028ae78bd09d0c3f15998
SHA512 abb0b5dcc3198d6be7d29260015ce7814db54747af0404ac4255ead43136145a6d8f4fb2295305df5c3865a7c419789d519285d5fc9c3105e766daf784559e05

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:40

Reported

2024-06-13 13:43

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d65585b35983537b141f69a38efce6_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5676 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5836 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5232 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5068 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 155.11.21.104.in-addr.arpa udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 104.21.11.155:443 saltworld.net udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 172.67.160.162:443 gamingw.net udp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 162.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
BE 88.221.83.233:443 www.bing.com tcp
US 8.8.8.8:53 233.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
BE 88.221.83.208:443 www.bing.com tcp
US 8.8.8.8:53 208.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 23.173.189.20.in-addr.arpa udp
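The two Network tables are where this report carries its real signal, and the automated score ignores them. The script below is an added example, not part of the report or the sandbox's tooling: it parses rows in the report's "Country Destination Domain Proto" layout (including the domain-less direct-IP and multicast rows), drops reverse-DNS, mDNS and browser-telemetry noise, pivots the rest into per-domain indicators, flags anything on a watchlist, and diffs the Internet Explorer and Edge runs. The embedded rows are a constructed subset copied from the two tables above; the watchlist and the noise-suffix list are assumed, hand-maintained inputs. Run over these rows it shows coinhive.com and www.google-analytics.com only in the IE run, a bare-IP 96.16.110.114:80 connection only in the Edge run, and saltworld.net and gamingw.net resolving to different addresses in the two runs.

```python
"""Pivot the report's Network tables into per-domain IOCs and diff the two runs.

Added example, not part of the original report. The rows are copied from the
report's Network sections (a constructed subset of each run); the watchlist
and noise suffixes are assumed, hand-maintained lists.
"""
from collections import defaultdict
import ipaddress

# Constructed subset of the behavioral1 (win7, iexplore.exe) Network table.
RUN1 = """\
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 188.114.97.2:80 saltworld.net tcp
US 188.114.97.2:443 saltworld.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Constructed subset of the behavioral2 (win10, msedge.exe) Network table.
RUN2 = """\
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.77.2:80 i1.wp.com tcp
N/A 224.0.0.251:5353 udp
"""

RESOLVER = ipaddress.ip_address("8.8.8.8")   # the sandbox's DNS server, per the tables
# Assumed watchlist: coinhive.com served the Coinhive in-browser Monero miner (shut down 2019).
WATCHLIST = {"coinhive.com"}
# Assumed: browser/sandbox plumbing that shows up in every run regardless of sample.
NOISE_SUFFIXES = (".microsoft.com", ".bing.com", ".in-addr.arpa", "nelreports.net",
                  "azureedge.net", "googleapis.com", "s-microsoft.com")


def parse_rows(table):
    """Yield (country, ip, port, domain, proto) from 'Country Destination Domain Proto' rows.

    Domain is optional (blank for direct-to-IP and multicast rows), so fields are
    taken from both ends of the line instead of assuming exactly four columns.
    """
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        domain = parts[2] if len(parts) == 4 else ""
        host, port = parts[1].rsplit(":", 1)
        yield parts[0], ipaddress.ip_address(host), int(port), domain, parts[-1]


def is_noise(ip, domain):
    """Reverse lookups, multicast/mDNS and browser telemetry are not driven by the sample."""
    return ip.is_multicast or ip.is_private or any(domain.endswith(s) for s in NOISE_SUFFIXES)


def pivot(table):
    """Map each non-noise domain (or bare IP) to the evidence seen: 'dns' and/or 'ip:port/proto'."""
    out = defaultdict(set)
    for _, ip, port, domain, proto in parse_rows(table):
        if is_noise(ip, domain):
            continue
        key = domain or str(ip)
        out[key].add("dns" if ip == RESOLVER and port == 53 else f"{ip}:{port}/{proto}")
    return dict(out)


def diff_runs(a, b):
    """Domains unique to each run, and shared domains whose connected IPs differ between runs."""
    pa, pb = pivot(a), pivot(b)

    def conn_ips(evidence):
        return {e.split(":")[0] for e in evidence if e != "dns"}

    only_a = sorted(set(pa) - set(pb))
    only_b = sorted(set(pb) - set(pa))
    moved = sorted(d for d in set(pa) & set(pb) if conn_ips(pa[d]) != conn_ips(pb[d]))
    return only_a, only_b, moved


def watchlist_hits(table):
    """Domains from the table that appear on the watchlist, regardless of the sandbox score."""
    return sorted(d for d in pivot(table) if d in WATCHLIST)


if __name__ == "__main__":
    print("watchlist hits, run1:", watchlist_hits(RUN1), "run2:", watchlist_hits(RUN2))
    only1, only2, moved = diff_runs(RUN1, RUN2)
    print("only in IE run:", only1, "only in Edge run:", only2, "IP changed:", moved)
```

The per-domain evidence set keeps DNS resolution and actual connections apart, so a domain that was only resolved (a blocked or never-used reference) is distinguishable from one the page really fetched from; the IP change for saltworld.net and gamingw.net between runs is ordinary CDN rotation and is reported so the analyst blocks the domain rather than the address.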

Files

N/A