Analysis Overview
SHA256
6155d97b557650957dfe6abc1ec30149a9537bac1a3d2eaae735a197bd8d6d3f
Threat Level: Known bad
The file f3d6de0e863fe521a9ade07b74b8ee73_JaffaCakes118 was found to be: Known bad.
Malicious Activity Summary
Medusalocker family
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-04-16 16:11
Signatures
Medusalocker family
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-16 16:11
Reported
2024-04-16 16:13
Platform
win7-20240221-en
Max time kernel
118s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "419445732" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e861098c19b4244d8627ee4664a9606900000000020000000000106600000001000020000000bfe0c2ca82d36de39508e4850c32151615a60ac9dfc86ea80778bb29f5405f29000000000e800000000200002000000062793dd5a2f8b5853b11ddca0aabbb1bed711015c771d0980d4d81e094a7f66220000000820f6d7a997a3e3295cc2144bffec886d1d1f7bc865fb50b60d5700d0e620e8740000000dd6790ebd494e053a95646adef0e11bd99a6b4cf221e44d0359ef8d7ec2e44a9adddb5ab398d9934209b76174f0233da7b0d13f412daf3a61958981962ec30c3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 409e22c01890da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EBA37D01-FC0B-11EE-917A-EA263619F6CB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2884 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2884 wrote to memory of 2340 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f3d6de0e863fe521a9ade07b74b8ee73_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-16 16:11
Reported
2024-04-16 16:13
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f3d6de0e863fe521a9ade07b74b8ee73_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3956 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4992 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4908 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5592 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5320 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
Network