Malware Analysis Report

2025-08-10 22:12

Sample ID 240614-blcp8ashnr
Target a77b0fec261b20bfec1e315d79b18009_JaffaCakes118
SHA256 4895e3b33c992c67305701b28a6902a89def2f2576b49027fa300fa79c4d7f74
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4895e3b33c992c67305701b28a6902a89def2f2576b49027fa300fa79c4d7f74

Threat Level: No (potentially) malicious behavior was detected

The file a77b0fec261b20bfec1e315d79b18009_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:13

Reported

2024-06-14 01:16

Platform

win7-20240419-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b0fec261b20bfec1e315d79b18009_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424489503" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{517EE211-29EB-11EF-B904-5A22F41CCA2C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 700cc350f8bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000003807fdcd4c2e7773044e1f090d2657b9d9d7f974bf4fe42afdcae75288c80eb6000000000e8000000002000020000000d15c6a3449ab5b1de1d8d9ea866982bcb08ac826972d1da854401f9701900a4f90000000dfc9fbb69d58a550bd7596bf910a0ab36cc21a206e1e0c20b7f8e728463ccbce0353fac91bc0e4b85c562412488e0c508deff8fdeadba9907eaa0a95ba0675e572164f7840878175fe786af6b5b463dc65a2cc8cfcd456f32eb6ac8b12cb5e4862a14053014475ae9c5e2137a32ccd4039377db609e1200876569336ca398f1c7c9e01bf4edc73a2770308365582e89040000000410d496f842df39a062069aca40a0b2514bbd3bb8fc294a474961ef0eaa490c10adb60fc74a1140367669a594eac9b5ad04990e680b0e617f34eb81facc34806 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002b6dece459feac2a4f0460ce7ca258bf55d5e4600e9411dc48a6131a936e57d4000000000e8000000002000020000000469cba77ff8174c60797f5e729da875686dee600325dd6742ccc579eb91b648620000000ce0e350147c8549d426e1923e6a3eb8dcf7da4bae80176c647790523b6883dc0400000008fb54ded8d1bd79c220a211cc18ea8501e71283b81b3da699c4bc09e6814ba3e9a70cd5b28f27d4d86882066d30d34eeac84b15e6ab9c8b3f780ddc8cdca6018 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a77b0fec261b20bfec1e315d79b18009_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 www.googleadsl.com udp
US 8.8.8.8:53 www.googleadsl.com udp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 www.jiehun.cn udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 www.jiehun.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:13

Reported

2024-06-14 01:16

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77b0fec261b20bfec1e315d79b18009_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77b0fec261b20bfec1e315d79b18009_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3452 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5868 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5992 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3324 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 157.210.16.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 23.73.139.27:443 bzib.nelreports.net tcp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 t.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 img1.jiehun.cn udp
US 8.8.8.8:53 www.googleadsl.com udp
US 8.8.8.8:53 www.googleadsl.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
CN 39.105.18.168:80 t.cn tcp
CN 39.105.18.168:80 t.cn tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 170.178.222.41:80 www.googleadsl.com tcp
US 8.8.8.8:53 27.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 6.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 img1.jiehun.cn udp
CN 61.170.99.35:80 img1.jiehun.cn tcp
CN 61.170.99.35:80 img1.jiehun.cn tcp
CN 61.170.99.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
CN 61.170.99.35:80 img1.jiehun.cn tcp
CN 61.170.99.35:80 img1.jiehun.cn tcp
CN 61.170.99.35:80 img1.jiehun.cn tcp
CN 61.170.103.35:80 img1.jiehun.cn tcp
CN 61.170.103.35:80 img1.jiehun.cn tcp
CN 61.170.103.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 www.jiehun.cn udp
US 8.8.8.8:53 www.jiehun.cn udp
CN 61.160.251.208:80 www.jiehun.cn tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 61.160.251.208:80 www.jiehun.cn tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 13.107.253.67:443 tcp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp
CN 61.170.103.35:80 img1.jiehun.cn tcp
CN 61.170.103.35:80 img1.jiehun.cn tcp
CN 61.170.103.35:80 img1.jiehun.cn tcp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 14.215.183.79:80 hm.baidu.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 106.225.194.35:80 img1.jiehun.cn tcp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 111.45.3.198:80 hm.baidu.com tcp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 113.142.207.35:80 img1.jiehun.cn tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 121.14.135.35:80 img1.jiehun.cn tcp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 125.74.42.35:80 img1.jiehun.cn tcp
CN 140.249.244.35:80 img1.jiehun.cn tcp
CN 140.249.244.35:80 img1.jiehun.cn tcp
CN 140.249.244.35:80 img1.jiehun.cn tcp
US 8.8.8.8:53 24.73.42.20.in-addr.arpa udp

Files

N/A