Malware Analysis Report

2025-08-10 20:53

Sample ID 240825-hqgnas1cld
Target c030230ed5c3da370d1779c1f992e03b_JaffaCakes118
SHA256 57c08ac0c7ea9aa82c803bbf5dc1197aa0248d9e277d5bb7259f6990aad01200
Tags
discovery
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

57c08ac0c7ea9aa82c803bbf5dc1197aa0248d9e277d5bb7259f6990aad01200

Threat Level: Likely benign

The file c030230ed5c3da370d1779c1f992e03b_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-25 06:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win7-20240705-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c030230ed5c3da370d1779c1f992e03b_JaffaCakes118.html

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309ac8f6bbf6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430730848" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000009c6745a268cc2a86a6e306cc5a463b2bf37644eaaa0f022aee7c4a686086551a000000000e8000000002000020000000ca1daee18a18917d4c9ccb49d24bec173d9342d757b519909b9c7a7e4381567120000000da21e3b8fac3137241af8ee02bf233765a0419360c5cb99b3e8b0668d27177b940000000a6fff9d303574f14d6c8b045f6b27a67636cab8bc86d396009d453fbb40e01d2364e9fed8e433f822d20d182240b4ad5c1e9ad7b076b67ab00e77c05e774f475 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{222147E1-62AF-11EF-B9CC-DE81EF03C4D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted from report) C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c030230ed5c3da370d1779c1f992e03b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
FR 142.250.179.68:80 www.google.com tcp
FR 142.250.179.68:80 www.google.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab55B1.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar61D5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c30efb4109fb37160dc8412865659202
SHA1 74b9c6801ff7a774fc230d74710056dc937004ba
SHA256 f4cfcac1c57f3e65bca965f913904ddafa27f93d69f47f496db0c5242e0c915d
SHA512 90afa510e94fed87a85659b34ed340a125649cba077de2ff9a4d4a45e5ca1f8ce71939adfeb7907f06fa42008294399a52e320cc85b273b5aacdc231b294ca52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb42cfa222497db93df44a76e71e10df
SHA1 be410068e1e201d3a7bc5ce27a1396d89b12d2f7
SHA256 8ac6555f1e3defc883dd6f47c35c07fc74787884074214498f5d1c0c2226f35c
SHA512 bc209ab7751be682ab1c77ee8e8f8f72cc17ca627b308822fe969fafb5e19d63c13e41ea68bb92a923823a94989ec3b209c1595dda6bf71bab6c9db55a045dfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebd507138f5a1b97663a91eb130035ba
SHA1 e3bc5999892903a6652d22d7d53d79a8ff120eea
SHA256 083d85280e9ae995142d1c41c6dd192facf558c3065be41895f4ba75cd422cc1
SHA512 29ef5d5cc91076803d0a89be96b3608e16590e876bb96d7d2ff9e1fdc23ed99ace1597fbcd5c8e31866dcb59c2833a2673dbf13f00dfbae8dc54164cdc6d6a23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9366b642c0de77a17d4e2fe88c0ff76b
SHA1 83630b7757ed3f4f68a9d74af0b30cc7b17da2f6
SHA256 f1f52a71e09563fcaf8deb3cb7e83113546142c991564c85c03697f34d01eb59
SHA512 83293c3e5ff0955a92334d327aede06b59fdcae2948ce201b59eacc928d43e3bb299ccbf0f31a3b41ccf1109c04907d62f2559e161fccde443f1c926afc50475

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1753ffce78852be2d3d8bd6ba49fb065
SHA1 693adc1c46adf359fd4595052ee0d421fb751e84
SHA256 98c71c4a9be647f5eb4d1996855e140620596d79aa2f5c3bfb335c4707480dff
SHA512 118791616ce17f1210efec75ba483aa27a88beb24a578ade313071f6a05f19d38641693229f8142712bd0383c2b877a4f0ba22f46896e1945939c35de885f418

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 47cf29b9107999be984a0330a5655dfe
SHA1 f246c6bb0e8cc97d5a2dacdfde5030a06903158b
SHA256 1198658833699ac34a38e54049881292df10d06d39b4df391e413ae84fec9fcf
SHA512 a99a77a47ef4d543ada7744e647084306a323748e323b8509a4ef5d6c77b72a5f47d20c2bca3caf3f1c29a274479fec21fefd180ab002776323cae82eb7e9ff7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79d9afcf8195ba21dafd21d4ba92c380
SHA1 ee2039be3ce4d2aed949432e48e56d5a8043c8b6
SHA256 1e24967dce353f34b82415f976520f62c6c5d50a98e09acbbf686b041f8fa4e8
SHA512 c462d2ac0de87ce3be7e39f629e269ed060f71c70a4bf4efa8b7efd916cf544f4cc8caf36756243b77506368367c581c5ff53742277290dc1a6cdef64a8edfc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 142936d312cb8ce3681ac706041a4f78
SHA1 1a77445d2b983d521beb31621a3ba3be1aceaf1e
SHA256 27cad0c32fda6ee9a388c364adfe0c7c985dcf642303383806516bcfbf05d5eb
SHA512 ccbdd23ac3cb0172796de45230ddac988a468d2b22c46938a315b7ef89694821c37d3f79b35a34b03ad3fdb9a5706c99f7de21e740b2aecba56956a888d3f594

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43419a7b217479937ff82574b8918d7b
SHA1 9ecee320401ba83f076fd875151ca8d9b657b15a
SHA256 56161011c61ecdc9c3585c8cb2144903e19baaa2f290e1c6bdcb85c6b420d6e7
SHA512 71e33c125d4070b17b87e354f16191f589c0395357995662181efdd7005de600491ae00450b48b603f7183e3cfb186d3d1e37854e5ad444c80a56e8a371326a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7744f817c8c60c867773a9fae31a2205
SHA1 76cc25dd3e434f4c07ac68f3edb5e2f72e0fdf9a
SHA256 57aa9531400788c7f057fc98367b2605ccff08a721d5c018e9edf85a1a6c4269
SHA512 8ad0c3878a12c0466c7204df30ec7416009e9bdc0596f93e51216c28631967dda6ff7d43d6d2cdb3ada7fff2eaaa20a68a262070fe48802028b1c39c412bb556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 676a0a891825e912cfbc49006d68df2b
SHA1 3727d69aa5503c9d55c7cc1f27b22c48587decbc
SHA256 ddb1e25d03ecfbe0896f94b56136dafd419a0445b5ecc09b05cd2dcf4144ee45
SHA512 3869e3a250efddf0d7bea379411269a4214562b7b89d2574eb3da7c23aaddc9671611d9bdff9adabb80e01afae13d2449aa515f392d0e74a500ccf069698a86e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0279b1bb3c777075756db5d182e33524
SHA1 2080c75008586745518f7e42ea1693b69e61bc00
SHA256 930d5337d87afa19d91caeddf30d10c5c27ac082ca01762f616dc27d04cdbce5
SHA512 f7fc7ab8861e629bf11b871201813bc1acea66b10f245dd935c476f0fff62414a3a4cc2c17306ffef95c9ce968ae1926d912b09fbc038aa3aff18906625d5519

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f213d85561a5a303dd137444e4dfa46a
SHA1 bb2c9ae30ec2930d970ba3501316cc073509c347
SHA256 a861c19752c92a9056cab972424b70f8620fc7d95a3b33b27e9c09265b1070ee
SHA512 41a826fbad77c66a583eb3711fc764512f6a291160541bc222d8f993cbfe098a79f179156f6683795770e248d5d41dda9f4b61fa16111aaccdfa095da061b7f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b12d81fdec020de7a0aa5cb0bf3f2455
SHA1 77ae8439fa186d97a74f9bb8f39a1b6940950cdc
SHA256 3de85bd7bb9007d598df8ff0d0d73d9217032ef5cb62cc5a27c1095783e16345
SHA512 9d215ca7e525dc69eeab635742161ba498ebab81de29fb0659904241066e95b3ff97443b1939ff0cc13ea1d4fcad7cc9e8822e5133539be5ea6beb86470ad6be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e7b38e041b2b0487ca3a0af135de787
SHA1 3b9437940e5ecfa774d188226c137cdbfd92c4f7
SHA256 8c1bbc9cff46eb9d5844cf6b008f10c5629d90e05203d706b8bb0edfac9b3be8
SHA512 cb0569a352e7d2cc33e9ac8335c536f89277dd9ff72e34baf1af360819b96187aff7cbd67b9cc503473abacaa34a30041b2b71993bc6b15dc80ed7bae3639cf9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38dcd112d49220ad9180ab7f9ce36890
SHA1 7f432edf3bf1cc49a3c27b24000234080367a0ed
SHA256 2f345f26430af52f8d1e3c0331b0af9267fa27e0d57482c4ef8a25240a61d7af
SHA512 87695a2095f7800b184856d94c671726220f49c5385dac6aad205e4cb685d8c25f5fa11c428afd36e1527f4cd67b7cae0e3327e696c685583ee5d934739f7d03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8f40cf872e0cb963319167e66c4707e
SHA1 81b3c41f27f1e8cc8fe6a187a89c28de1a64cc27
SHA256 b944e643f66804f74eb8c376f378f30059c05c2684e01dc58860144a6c29e57b
SHA512 4ea9e8fc214c82d4d544799b9e29fb5c7472d559675655c15c0ab1cf0863bc2292861d10207a3c5c55aef4baf994a9103a2ccf232905612b09e4e63096475ad2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2f03b7615507a9b12c27c601044c2ad
SHA1 3e14c719cf7c3b47eb6336806811ace9a6929789
SHA256 e8b0a7083498d1f423164c548b4fb7973b0396984ba066873746618d0715b8c6
SHA512 bd3716506d57ecfdaa04888ba779b51b016681e72ba5018435d0dcc925e701e10e265e5bec949717e6b5b9fbceaf2e93d34e6c40e71756a4ae6ff70792cd486d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6534b50149fedffc5046426af0666d5e
SHA1 8d2e1e88ac75231a690c124d1faa58050628ffad
SHA256 9704acca5942a4c9826b73c4964f3e59e62d24e0b434a924e18c21523e04d43d
SHA512 40e783b75225590a313f123c5e037c71d3778a9beda42f4354ebb551a586b18e87674bc3c4d396ceadfac8534004b42bca5c25f05bae349c6ca4bdd23c5a2c55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2ddacf3b64068a6f6101b687690061b
SHA1 e16d42e0a88f716fa417f47360251f3ccd481dc7
SHA256 7af23020bdc9bf047246141b641c2470be1e329e2ec1bef2aaf9870af3c331e4
SHA512 97b729e12a5d43e7b96440a7138d5340eb29c4ca0a04a73295b1a31921c1edc37e8578cfe909c2c9118cee777f5f381a57819758caa641720df9a5d14ff3726e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8892693ee709aeb7cfaac97972c18337
SHA1 779ae12c4ed956e70838e3f6cb97fe9229867207
SHA256 4d5c2df29b17b4a99be7c072200283d27b04e11012a5b317df43be33c581d541
SHA512 0242c26e52706ac32d2b40e750ddfd22da81c3985626f0729b7e2d24cb117593a0c8e3564b960ae29888e3520d66b40d7f74aa47c6abcb59e3c90c7834cfcc4f

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win10v2004-20240802-en

Max time kernel

140s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c030230ed5c3da370d1779c1f992e03b_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c030230ed5c3da370d1779c1f992e03b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=1420,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3300,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5020,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5516,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5536,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6040,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5708,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
GB 95.100.245.144:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 92.123.142.200:443 bzib.nelreports.net tcp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 ww1.fasternated.org udp
US 8.8.8.8:53 ww1.fasternated.org udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 68.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 200.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 ww1.fasternated.org udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 syndicatedsearch.goog udp
US 8.8.8.8:53 g.bing.com udp
FR 216.58.214.174:443 syndicatedsearch.goog tcp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 174.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
GB 92.123.142.115:443 www.bing.com udp
US 8.8.8.8:53 115.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 192.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 92.123.142.80:443 www.bing.com tcp
US 8.8.8.8:53 80.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp

Files

N/A