Malware Analysis Report

2025-01-18 00:51

Sample ID 240613-rfk3eawemj
Target a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118
SHA256 4532f8f70a6a6a97ed100820232060e9491caf1dc051c24432a293fc72ebd39d
Tags
score
1/10

Table of Contents

Analysis Overview
    MITRE ATT&CK
        Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
1/10

SHA256

4532f8f70a6a6a97ed100820232060e9491caf1dc051c24432a293fc72ebd39d

Threat Level: No (potentially) malicious behavior was detected

The file a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:10

Platform

win7-20240611-en

Max time kernel

136s

Max time network

119s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449559" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00ee74719bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000dd44373686fbe80cdfde6011e92326b91ba26fb0af9d19790a47edfd4a7f3bf7000000000e8000000002000020000000f279db3e0ce77130e7fc9ea53739b311b99e5871288b69db8ef835c4fcbaf5e12000000033500c89f109fee61558d68919e2f1db61adb305208d58531585c4428c583f9b4000000074ae5f1c8223732b36c16b199782f57f01649c65c65720f5339c2a1389396a65e278dc9e5a1cb48c1ed7971e5910ba6eeea6846d8e9a29cd1898dfc3f1b030ec C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E2E8A91-298E-11EF-BBA4-D2DB9F9EC2A6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2400 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 s19.cnzz.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab125A.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abd4c65e055e4727468363dc8058fc95
SHA1 11a871caf7ec71756be22b4602f632602546acf0
SHA256 b3efd41a42f8e4854234e157ca2c91010d4fd93b44c12f5f64a5c2b4d77887cb
SHA512 db6ac2d5a6b5e242288f0f369c41b600883616574cbb25dd54cecab52232913eb6fd4c950a2a71efe561474f5aff835113b06e6febbe04fff3c5bf397e782efb

C:\Users\Admin\AppData\Local\Temp\Tar131D.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71a5609e5fb7690a464493172974d266
SHA1 1fc5abeb684dab210bb7ab0a367bf12a6b73ab25
SHA256 db0a536968fb49e0082c58f7aea07f7011a5ef04022c10049f074bccf0a691f9
SHA512 700f41eb99c7d7a6e05b2dc2eac9753595fd888cefc8363834eb53629ffd466eb05a51352cfde596e58cf53e2239629c80d2881e517146bc96c44cbd911b1c36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce28e5392a31d624d25a56fd40b97bf3
SHA1 e385faa75247edf89548a74449a58dd3cda0bb2f
SHA256 493a38ee3c0486f2a72c881b2adb556490a09c2fee8d838d1542d8df92810bbd
SHA512 e783fab1270b2bd228dee05f519c8a8f5054c4b632a2d3a1af89de3c04a74773919ef4f232fc8e54eae76efce2f036100a5cdc60c0574366cb23dbf7b5ae8825

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 255009284a9fc75c059c8628119c3224
SHA1 639b45350501c4c16b3828980f5887e947fd3c71
SHA256 5c3f32bde22a05841ec70f35b3b1eb0873e2939dda755894a70e177542a70935
SHA512 0ba25dfddf69579abb1cc2e8e3cb3067fa7635cfd1dddb40730e6dabaa6d68ef6c4a27173d5c638e0acee4fbadb49f67e75318f3df920b3f095ef1ccd28dbb40

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05b7c5e92af543331f43e726593781f6
SHA1 32b9e3602f9bba77c81ca466cd556ccf94210a0b
SHA256 29df5bc5efbd1fb83cdf66fa5adac5960f0e596a7a9b166915faf19d9dddfba5
SHA512 379fb075a493084290f01f769025608d21d0b7b8ced1837b1b3b15219f63851142e930bab67cdacd5fa259c58b42314d1e532b4a34dbea24a04907cf4b908def

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3626b0b63f8ad293793571d11cdfe483
SHA1 844b656d6d21fa6f8c216797b56ffe8bfe12862e
SHA256 241f320039ad7ecbe0a63e5328b4ed3399347d24e906c1b8f4af9f002bcd3249
SHA512 ffaecd932f73dd190d6e71162703f300b70f15afd28a7dfda34e51f05987ac46c30d0c455ae758aa5166e44142e626283f1f15137e4762a318901cb1e8654647

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a89d747b3c606c19ce1384b8ce4b0fe0
SHA1 fec75b906809896ad7fedcaa2127a713e1cdcc01
SHA256 5a97d041092bf9f506ea0138e82eb211936858926dff86badaa8c2669a7579fa
SHA512 d08c2529727b7049206925c6188a83e6162c9e7cd40b2b5d39f59a831088862ee444dcc03f00dc51700e94935a4c4b51ace77330f97be8d79e9f3e536286d535

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce3eb80f9a77de4428c1ba7b2cd7738a
SHA1 a01109a630006ed0183df995cf01a246f9e786d2
SHA256 fe98ebf35c3dfe550a71a3a43eda45c906e039728e54d2bb30f0314f13db3a8f
SHA512 0424d91dd1b7d16696d5e13d03301b0faa83c9e688239c13a35d7b35c6c7cb08682bcaa5599e301d42b1d3c9894b97b671afca071fb138f2be65a612f76fb25f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d494313a680e63460ea53dbcb3c2b2e3
SHA1 584aa2562680922e7f325c93d6644176e2b28392
SHA256 92153986a9653cd72d906569514033cb67f00638c8d61e9b40422870f7091707
SHA512 41a210f4972086275415dac68d7efdc882e892633de2d9cc32d96fb1fbd69289dab5228cfb820f0e465651c43e3667959cf5a143904323796ab0a8f3d83cad2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5aa40a35009daa5f7fadd696849cdb82
SHA1 54872ec6b08d3afba4d17b0e566c68eacd156560
SHA256 82a0928386c9378ab8922b4111d292aa3987dd84a08680ac67688280d8796685
SHA512 a881525ce0714993dba1dd4227c7b2aefcbe7eed153645c47106bfedfd443ff3f03d85c99b98c1d3994e77853343815c32d66bcb5b8c6ee3f808e75a45905c29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b498c04779e1fb2377a18a0e57cc683
SHA1 01a23acc5c5be16cd175ff929c6011a3142b8c06
SHA256 3c320a5ff6fd04945b8a614b8115571900debb72f14e58f56b4187cbae94b646
SHA512 572bdc8c8e82d600566935e8631340d16070a2f40623621ff5c14bedb1dc09d915df4cfc8132bfac4c9ebbc6c5a9895b7c9789c2ed13c3faec0eca0c3c12fcf4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8d5d7598d57d586a6b2f213f0035a80
SHA1 bc9492f386b5edeebf3dec10ab2d32a935550ffa
SHA256 10785bb7052470719b4b7a6b7faecacfcef4fb673bccf4ecff28212121630204
SHA512 15e18c666dca5c20c61d9787e98d116d016396db82aa43da4185305b6bb603636311caaec377ec20112c07e0dd3a346047ba70dd476791d72593109368cb2e07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 927239e56facad52eedc77be8f523832
SHA1 4ff704731a8f7c8354d16654c335a75c3b759dc2
SHA256 f22d95a485da7a7da7d9ffa396d7efb46946eb9b9ecd5b4a5a70d8befd792750
SHA512 cc1e00855b57ebf5e6e3b55a3fb488738837b85c2283fa50d369895b2da42e149921aae018f112ccd7f8eaecbcc1e505900422458dcabae8e0aee7ccce2b67c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32eb197826d47ffc20f689f1c53c4e9b
SHA1 d0faea0beb5148d7bd8237e2451798049f90c85b
SHA256 69a602469085013782583eee9425e61ec6d221c69268fdcd81133b6bfe999170
SHA512 96ecac4b349ca5dba4af41759f146f3ad208d01a5197bb932efde2ae6111fb5037abd00d59558b990524d821aebad77f85bdf715b8fc1bab172e8cb397efa51a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24d90de1b3035d2fdc1d8cee82ffd302
SHA1 93bb8d373a174b124e572446d060869a97098d54
SHA256 5f906fd092e546ddf8722301c515811d54b15fe901972a501373ff072164ff40
SHA512 a0ff203911097c6188af5229e02e464420f6b42a3aad83299e7185d946f29c033384ed62a736a79b7298755fa237e4d3d647d85922639619221aa634d5f551c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48cd41e62a7732a5141cad0b11322e8e
SHA1 580d6c7c29d52bf3c26beed467a92db63e48c76d
SHA256 2f50b24e32ca7110444d4c4a971f2c45366224827ca7ff5b8a2629047faeb2de
SHA512 7bad48ce6be333baf80622d4305fb0a47248e779aaaa0739b7ec0c4145d8583471b4db05b1966a85a532cd49dcad7173c6699092ac1cb8adef3c66a7834b802f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b3ee806557dbf80ff3c60dbef8009b6
SHA1 662b96b412ece77aee159641a1ec47c4277e922f
SHA256 e5d413e238ce0180fac6143064b6c4152d79655c845803c80178741d11976d83
SHA512 26554169e8968c85ab3e2ffd4debcd3c6863eb8f03ae9a101e882fce0a7d56ae7f689e84ed48dfafaf6ed5c11f88cdd562847e2306215a40b49bd43dcfb0b7b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa544886d986a0247ebd2876819707d2
SHA1 5795486a75b9c0820a28d1286603154d36ba6d39
SHA256 fa4808fc69367d6ab4d81cd63617613f797b194ebfff68c796ae223cd31f1188
SHA512 6dce790550dfa56af4fe1c325bb6c0c0ce8c15642b0014b9634efa4d594c3db4f7a3d88bed76cbd26aa6821132633467a6893f8900cb5e0ed3b5021388ebaa01

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc2de99f764ad64ef6e4be30233ad567
SHA1 a0df8d8e37eadeab174dcec17cd088e2ff1d80ca
SHA256 5936dd1bf639ba9c32b496c06a218e132a9fe3dbb4c8d37b43c20d98318c2af5
SHA512 d2371520e034be61c0f50ad101004f07f7ecb4daeb553dca32b1bb2da4d579b9d38965dc2d34ea158d3864100e95e73b418a5984f879031ac7f59da64f874d20

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:08

Reported

2024-06-13 14:10

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f1eb7f0bf9c12c88bc1279a75a4726_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3860,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3836,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4292,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5396,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5504,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6008,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5640,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 s19.cnzz.com udp
US 8.8.8.8:53 s19.cnzz.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
SE 23.34.233.128:443 www.microsoft.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 220.185.168.234:443 s19.cnzz.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 5.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.219:443 www.bing.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 219.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
BE 88.221.83.178:443 www.bing.com tcp
US 8.8.8.8:53 178.83.221.88.in-addr.arpa udp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
BE 2.17.107.128:443 www.bing.com tcp
US 8.8.8.8:53 128.107.17.2.in-addr.arpa udp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp

Files

N/A