Malware Analysis Report

2025-01-18 00:51

Sample ID 240613-rgp3rasbqd
Target a5f40e547b5a399fc67580912adac016_JaffaCakes118
SHA256 804257bdff8d4c3adda6636605e423e2b4fa8d3a8a56e06f4b3653a50249d608
Tags
score
1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
1/10

SHA256

804257bdff8d4c3adda6636605e423e2b4fa8d3a8a56e06f4b3653a50249d608

Threat Level: No (potentially) malicious behavior was detected

Verdict: a5f40e547b5a399fc67580912adac016_JaffaCakes118 exhibited no (potentially) malicious behavior (score 1/10). The sample is an HTML document; each detonation opened it in a browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10), and the one signature with row-level detail consists of Internet Explorer's own first-run registry housekeeping performed by iexplore.exe.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 14:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 14:10

Reported

2024-06-13 14:12

Platform

win7-20240220-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f40e547b5a399fc67580912adac016_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted from the report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449676" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0be93789bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3DF0E71-298E-11EF-9ED8-52FE85537310} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a22124d08323d3468adf9f1597336bba000000000200000000001066000000010000200000001aace68647d59499d52d59b6c827782a454369651425d64ffe30f5d945c64567000000000e800000000200002000000021352424de9390d0fd52125a23ddf86d88a8166e3847b5356248902fea3d39f920000000e5af13a2f24ed17f1ec9ed31754947f830fac69a3bf506237ee79c51e876c93c40000000822c4235bd1517b4e7fd861733130625c734dfefa2f87e234d98ccf6df6e6d8ccc57cbfd706552e25f848a44317890d1a078d735f8cd52f565327a115adb72e8 C:\Program Files\Internet Explorer\iexplore.exe N/A
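The "Modifies Internet Explorer settings" signature above carries adware/spyware tags, yet every row is written by iexplore.exe (or its 32-bit tab process) to Internet Explorer's own per-session keys: TabbedBrowsing, Recovery, Zoom, PageSetup, DomainSuggestion, WindowsSearch. That is what IE does on the first launch of a fresh profile. None of the rows touches the values a browser hijacker rewrites (Start Page, Search Page, SearchScopes URLs, Browser Helper Objects). The Python below is an added example, not part of the report or of the sandbox's tooling: it parses rows in the table's own format, maps the SID-qualified hive path to HKCU/HKLM, and sorts each write into housekeeping versus hijack while recording which process wrote it. The hijack list is this example's assumption, and the final row (Start Page rewritten by a process named constructed_adware.exe to example.invalid) is constructed for contrast and did not occur in this detonation.

```python
"""Triage rows of a 'Modifies Internet Explorer settings' signature (added example).

Separates Internet Explorer's own per-session housekeeping from the few values a
browser hijacker actually rewrites, and records which process did the writing.
"""
import re

# Row layout used in the Signatures table: <op> <path>[ = <value>] <process> <target>
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<type>\w+)\)) "
    r"(?P<path>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.+?))?"
    r" (?P<process>[A-Za-z]:\\.+?) (?P<target>\S+)$"
)
SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.I)
MACHINE_RE = re.compile(r"^\\REGISTRY\\MACHINE\\", re.I)

IE_ROOT = "HKCU\\Software\\Microsoft\\Internet Explorer\\"
# Classic hijack points (analyst's list, an assumption of this example): home and
# search page values, the default search scope and its URL, and BHO registration.
HIJACK_VALUES = {v.lower() for v in (
    "Main\\Start Page", "Main\\Search Page", "Main\\Default_Page_URL",
    "Main\\Default_Search_URL", "Main\\Local Page", "Main\\Window Title",
    "SearchScopes\\DefaultScope",
)}
SCOPE_URL_RE = re.compile(r"^SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$")
BHO_RE = re.compile(
    r"^HKLM\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"Explorer\\Browser Helper Objects\\", re.I)

# Rows copied from the table above (all written by iexplore.exe to IE's own keys).
REPORT_ROWS = r"""
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""
# Constructed for contrast; did NOT occur in this detonation: a home-page hijack
# written by a process that is not the browser.
CONSTRUCTED_ROW = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\constructed_adware.exe N/A
"""


def normalize(path):
    """Map the kernel-style hive path to HKCU/HKLM (drops the user SID)."""
    path = SID_RE.sub(lambda m: "HKCU\\", path)
    return MACHINE_RE.sub(lambda m: "HKLM\\", path)


def classify(path):
    """Return (category, key): 'hijack', 'housekeeping' (IE's own) or 'other'."""
    norm = normalize(path)
    if BHO_RE.match(norm):
        return "hijack", norm
    if not norm.lower().startswith(IE_ROOT.lower()):
        return "other", norm
    rel = norm[len(IE_ROOT):]
    if rel.lower() in HIJACK_VALUES or SCOPE_URL_RE.match(rel):
        return "hijack", rel
    return "housekeeping", rel


def triage(rows_text):
    """Parse signature rows and attach a category and the writing process."""
    findings = []
    for line in rows_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue            # blank line or table header
        category, key = classify(m["path"])
        process = m["process"].rsplit("\\", 1)[-1].lower()
        findings.append({
            "op": m["op"], "key": key, "value": m["value"],
            "process": process, "category": category,
            # IE's tree being written by something other than IE is the pattern
            # worth a second look even when the key itself is housekeeping.
            "foreign_writer": process != "iexplore.exe",
        })
    return findings


if __name__ == "__main__":
    for f in triage(REPORT_ROWS + CONSTRUCTED_ROW):
        print(f"{f['category']:<12} {f['process']:<22} {f['key']}")
```

Run over the five rows taken from the table, everything lands in "housekeeping" with iexplore.exe as the writer; only the constructed Start Page row is classified "hijack" with a foreign writer. Keep the hijack list in sync with the values your own detections care about, and extend the SID pattern if the sandbox reports other hive roots.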

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5f40e547b5a399fc67580912adac016_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 vikalpfabrics.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3D90.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3E81.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 28028ec854f0696f3bc3d29e65ba7bf8
SHA1 25ebb92fe2ae95cd3baf8f9d37e4099657dcbc16
SHA256 789187769864ed40a755a9f2acd8b48c81b7ecd2d46d4620ba84d017991597fd
SHA512 c67754d535fb0efedc77079a607e06bc82273de437fb55c5be11d10be399f1d9477c7c4041ad17e88ecef450b26da7226197889e3182d0c222409f4d997d4f86

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6672edb5ebfce032494c6b11315e2a6
SHA1 910cd86b6fb47cf1f6c1079ff6d69244a64203c0
SHA256 2704cfb5fe3db1c2523cad9cafece636c84a326084d4063fb50d8940ce5d20ef
SHA512 329d865639668147f562327f8699db56fa71c1d03aaedb1f2bd5abe7bcbeb36e0454dab801a99096868569982047e94df3f17ca291d1b1991b498e4043a3290e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9077d65921e1f7ddc26f442cc691c05
SHA1 2c27cc914d85e081b9e22da3bc312ec5e3fa37b2
SHA256 53cc3b7316cd22e76670fdd861e0845cdcb85627a0f820b2ba27c9b559fab392
SHA512 f6e40a4a55cd94b023027484a51977f09c3da332b03b13c92108e8d27533b2548db05fd3d1c5788a8a3fe57bcab79bbee24c63e53fdc04e9917a9872e4ff1676

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c703f2384b54e16bfbd421e1bcde9bc
SHA1 47ddcf5b86468201b9231d751064a4d9dd23bec7
SHA256 43c00f3ffeaa9077ad4ab848f678df1b29017f26b948486f3b342f5043ad9024
SHA512 53b7a1aa2f227ee3281eb03857c54893788384dd044d9d9ab6d7d6add77acb15b3af6c6af905a63e6298e841290eb0408b651e46377ff562d05774f1655fab11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e700397770a864b7fb1eb1c32793710
SHA1 2fd85288574a5314a29503d7ccf01c45c53c4d53
SHA256 1de7cd5b09bd425d96d26cc19349092c2ed39f5195f730f9402f559eee05baa0
SHA512 8911d57ccdc1faf6a2da2cbda112fb17a286fecb50f37632ade0b0580264b9ca2ee03c9bed2f06a89697ac075f37da928a2e9514554553da4380601c383ee857

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b145a8a5c25f35e79ce12797a55f879
SHA1 f4069d9aec9382dec0ef2cfdc8f276e5808926f7
SHA256 b8b97f79f7a623f58b9845ef92eb1e49c9f378925ea404977687315a39ad6ad5
SHA512 67a45d554f9970799caa92ecece4a82800c6a982eb49d5d02b7640daeb0821404ab569473b7a2fe142d29dd9e5238323d6d31c7d1c712b5fe55e93be38e8efed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63d2cd60b1ad96255fb36f26ace1df20
SHA1 52ea6564e936ff0feb295d10adb76eb26bd2bf24
SHA256 83d24b8b87b75ac915a8e3cc9a6c9e77e53a902affec4f356e4186bffbc0d6eb
SHA512 95089bbcf0a766d891487ca4ad3f59a296781060464b8941184b8f78ecab0f421b24ab45d9b4da8fc08aff783dcef408bc3a5fa7af528348964e2ec88c6368cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d403c2dce46e3a4e80baf4978aad6acc
SHA1 6a28d4e58317289813e6be89eea51b19a4fa5189
SHA256 e4acb284c39c2851bf5941975d97981a227e3226d62e4b80dcb518be2263ed57
SHA512 f436bf10c7fc9a3f604e2d7d9b26fc917dcc19ca926d931860ebfb519e91a36ff4a32b3fc6c4df36786f405701efc1bf77f4d7b64229d14dce011232fbd294a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf9a340be89769934cb3a5e77e3c0a18
SHA1 494a8c7256add28afadca4b5436116fcf920cb8f
SHA256 06bbcce3ad2436edfc62d2b4fe792707a4606b10d98f04c73ee12d7947889934
SHA512 440050f5ef07bffee24923375b43aad96996aa0ba8529ff9fc113c507a29a68708584871edde44e6cd3dfa3eb84526d1dfba47464cc9bcc7fcb770a4c874bec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49108d116559230dc180aef2c9871250
SHA1 15a59e54590c8bc055c3bb843880d48b892a67b9
SHA256 75c21b7289d9b7c26353e9adb149e754e9405a1c18b1eff9b0a8c2ae3679d7a2
SHA512 63edb2ae8e2a40fa19015f0abcf10d7039887052b312cf9fc3364957999d0db95882d492fbc5618fb7573710d7d2b7a230da2d220957fc021aae2c5f2598e302

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71f973982ab467d3df57308cc5d821e6
SHA1 b61478a093474ac0cb3fd77d92324203ee8ae1b8
SHA256 9678c68de6905db2f6b9081c08f0588bd565cc3cb715bb7b91104f5d4adef052
SHA512 e0889172dbb9745a5d033460d4cfb3f29469e09bf4a246d01a07bfe58a69becec78ce14adcc3ce8548993baddc0a3dbf0869bbf3cfc6e245c04bc067bae82632

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ddfa6536bc21f16fa9730cb1e098138
SHA1 8e6333c5a22e5f77bd8ea2961d9be24f1254da78
SHA256 2632548541084b3e91925b5cacbad5be4776002706ee43d3322e3e3b4abc99a4
SHA512 5f4982a3c986cccdc74681942e2bccc80e8572976cbd03042d33030924cdc21294a27383807905a0b8520ba7ca96daa28efee62b6bec148c88ea9851cc62d48d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 732a78b17e6e2b6962bbb4d95b6edde0
SHA1 ee8d9447104c2d221e09bff1ad33479f9105e464
SHA256 fe9efe4b68116d3b093a90fcd78e9081a272f2ab50baf623b5871d3bdce96bb6
SHA512 de62542814d3be6f32a38a63048ab5815dee408d8d0243a3654dbfa2114bf579e8246e15809a637f64446c693c8e7d9d70862b48bdba5c82ac0d073fe69d854d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6c4d8e02244a70f39b0524253ec5301
SHA1 8d009a5e5a5e241da2bcf6e1f7336fb1a83e5e99
SHA256 c93b137d685eea2753805454dd565ef26609284e0c7f56b359621132c7d2ed79
SHA512 03523e5121eb5ec4c638f4d11ef3fc8cbc2c63d32958ed4c0d251c9445b0ca5e19ec3505bdac22e901e0d2056fb1e765c496ecaa622942d0cb3c3b2d7e365a65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92dd4b1b348eda2ea074047a59d9c3c8
SHA1 6ce10e2110be5f922a01e8eec5d6b96f4057c46d
SHA256 13df4cd22d28504979ec2fdc5632735c93a75facf8de0300868a9915cdfb141b
SHA512 e082fc70a5f1639e6d835e9eb619be9abf7966029f51d936dc6ba884fa067ee6bb1cef35f93dfa2d906be018846a49e23a4b983cb45afabf9168bcfabce4bc4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1057b5407118fb81691542ed6ea2292
SHA1 a999cb4ca1c9afaa3089e59381ea2dafb30e4e8c
SHA256 8ecbe01b79259ecede1e7817b9d770ea407f12e8fe54610493575b893382b9cd
SHA512 0853bc80a929ee1d58f4daebf99f4dfc55a8763e614be69f4780aaa22c3141d40fd07b0031ed604c3ddc79e02eefd9e286166b5c6546d78ca8883281e4a4b64d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c64a767e4d0e53d6b1be967387df7f89
SHA1 70c32f4900bae0151901c619c76c132be67de4d6
SHA256 c8744f7790cc229ffd899b2baea8fe0124139de4d2861afabadfd29954432df5
SHA512 7e05db3268be01c87c543c1dffbb0369282f7254204c70b025bd844dc36517730dd14ff662acf9f8e4b7f9821ae225b1470746918b0d27306279bcc8980b0983

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0dc3881fa18591c39a3d541d72be01a
SHA1 8da60f9d024840128506cf3412e2c8f6ad2591c5
SHA256 6bfc1a9ff7facc4c70e28b381e5a3fde144b64ac40a3cae59dc676c1dba561f7
SHA512 6a3ec37066714a161fa41e5387cac94dd4d7f261df74f23b88548d234056ac301a17f0848bc8ba91deb02e906fabeafd513e1fdeab24680205e7ffdf81cc08ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42b266e9c9bf20f07fa20958aac6f935
SHA1 6e197e7e4045ff4023a30d79321256939128a4e5
SHA256 168e797aeca9722c4f766f0d23e2aabe529cd76387d03acc2d905494ba674701
SHA512 9ddd7aa321919d498b7439db480e2f671516fc83126a724232e21c2150cbbb892fc122d91b7215c8d77b93ca5b1ac0e85141006c9b5c4fd21378a910f6d2d43e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 14:10

Reported

2024-06-13 14:12

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f40e547b5a399fc67580912adac016_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5f40e547b5a399fc67580912adac016_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5000 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4412 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5436 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5616 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3796 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
BE 88.221.83.210:443 www.bing.com tcp
US 8.8.8.8:53 210.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
BE 88.221.83.200:443 www.bing.com tcp
US 8.8.8.8:53 200.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
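Across both detonations, the destinations are almost entirely Microsoft infrastructure (Windows and Edge telemetry, SmartScreen, NEL reporting, Bing, the Edge extension store) plus Google's font CDN, which the browsers fetched while rendering the file. The one name that stands out is vikalpfabrics.com: it is queried over DNS repeatedly in both runs and is never followed by a TCP connection in either table. The report records no DNS answers, so that pattern is consistent with the name not resolving (or with a connection the sandbox did not capture), and is a lead rather than a conclusion. The Python below is an added example, not the report's or the sandbox's code, that performs this separation mechanically over rows in the table's format. The background-traffic allowlist is this example's assumption, and the rows are a representative subset copied from the behavioral2 Network table above.

```python
"""Triage the Network table of a sandbox detonation report (added example).

Separates browser/OS background traffic from destinations attributable to the
detonated file, and flags names that were queried over DNS but never followed
by a connection in the report.
"""
from collections import Counter

# Representative rows copied from the behavioral2 Network table above
# (Country Destination Domain Proto). The multicast row has no Domain column.
REPORT_ROWS = """\
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 vikalpfabrics.com udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 vikalpfabrics.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.201.106:443 chromewebstore.googleapis.com tcp
N/A 224.0.0.251:5353 udp
BE 88.221.83.210:443 www.bing.com tcp
"""

# Analyst-maintained allowlist (an assumption of this example, not part of the
# report): Windows/Edge/IE telemetry, SmartScreen, NEL reporting, Edge's
# extension store, and the reverse-DNS lookups the guest issues on its own.
# Note that "googleapis.com" as a whole is NOT allowlisted: fonts.googleapis.com
# was fetched because the page referenced it, so it belongs to the sample.
BACKGROUND_SUFFIXES = ("microsoft.com", "s-microsoft.com", "bing.com",
                       "nelreports.net", "azureedge.net", "in-addr.arpa")
BACKGROUND_HOSTS = {"chromewebstore.googleapis.com"}


def parse_rows(text):
    """Parse 'Country Destination Domain Proto' rows; Domain may be absent."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:              # e.g. mDNS to 224.0.0.251:5353
            country, dest, proto = parts
            domain = ""
        else:
            continue                       # header or blank line
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain.lower(), "proto": proto.lower()})
    return rows


def is_background(domain):
    return domain in BACKGROUND_HOSTS or any(
        domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(rows):
    """Return the destinations worth an analyst's attention."""
    queries = Counter()          # DNS query count per name
    connected = set()            # names with at least one non-DNS flow
    for r in rows:
        if not r["domain"]:
            continue
        if r["proto"] == "udp" and r["port"] == 53:
            queries[r["domain"]] += 1
        else:
            connected.add(r["domain"])
    names = set(queries) | connected
    attributable = sorted(d for d in names if not is_background(d))
    # Queried (often repeatedly) but never connected to: consistent with a name
    # that did not resolve, or a connection the sandbox did not capture. The
    # report shows no DNS answers, so treat this as a lead, not a conclusion.
    resolved_only = {d: queries[d] for d in attributable if d not in connected}
    return {
        "attributable": attributable,
        "resolved_only": resolved_only,
        "background": sorted(d for d in names if is_background(d)),
    }


if __name__ == "__main__":
    for key, val in triage(parse_rows(REPORT_ROWS)).items():
        print(f"{key}: {val}")
```

On the subset above the attributable set reduces to fonts.googleapis.com, fonts.gstatic.com and vikalpfabrics.com, with vikalpfabrics.com the only name that was resolved but never connected to. Paste the full table from either detonation in place of the subset to get the complete picture; the allowlist deliberately matches by suffix so that new Microsoft telemetry hostnames do not need individual entries.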

Files

N/A