Analysis Overview
SHA256
d27c7b830bfacbb26cff7620e549aafe999ebfd4c68a40daa206115bfc4ee0f1
Threat Level: No (potentially) malicious behavior was detected
The file 704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 00:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 00:37
Reported
2024-05-25 00:40
Platform
win7-20231129-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd8394cff025df40b43ff0314732ee44000000000200000000001066000000010000200000001dfe98c56d9b511032b539e90a4ef2736cd2337ab76a528d976a419f5ca7ff85000000000e8000000002000020000000079e7a5d05bbb80765e0189b0c25a4e726d264f4ba0806f8daad345ccaf50c27900000009a5b9394db11ec98b54c0fae3cbebbdad67a78911f250508d94b6f39d5146ed1d88ec551d1e5e48c66920ded9e0635ddfb4258604c084c1072ad893a0390f35359462ebb31005e5d5fa58e3cb15e01ba41a9a6a4df89c31798fc758c99cfd160741037aeb9066e58aa2da212b8bbdc4880e1c17ce6363815ff0a4c374e904e40d8e320322d7d6ce372961badc697a583400000004b3a637ff669dcea8fa488f50db081a5b76670fd2c89a02aa06e453953e9b2adde47ffc07ab1cc57f463f87b3ced97c1bd143a597ae467f61afe8ab77197962d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd8394cff025df40b43ff0314732ee4400000000020000000000106600000001000020000000e8ef5e5ee8f2bfae5c8a34773b27312190b3bb92ab903f7031ce9f21aa070991000000000e8000000002000020000000bfab83a4dab92e7815c2ab9fc94075a26d59d66f2b1a0f90cfbc1cbd37171d9b200000000cac8705aa08aaa55c9912412db5a7e8ca49949d033e5e843921b3f20b81664d400000003784b3ce0ed4e3b103011c6d4bc74f78a3ffefbb7e5baddf0df150e1ce805484fff621fc311f03db22eaa6c46aefab2c8b6b9ce06979a028be7e89cdc36ab135 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759350" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B108D91-1A2F-11EF-B69B-6AA5205CD920} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a9c0df3baeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1368 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1368 wrote to memory of 2708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar28DB.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6eb3d9ad6d6f5e13a8f2fa765f1fc5fb |
| SHA1 | 6d63cb52969bc42a66845daa1b1a642d9ec9e45d |
| SHA256 | 5e07aff896f7e3086a1381d8ee9d45d87ad172d9a294f2f467df08945f9bac94 |
| SHA512 | cf9aaa41e0c5fdb2e0c140be32daf46a5ffdd5a61d48704845e6ccc8542a21c0709d916703a9b9cbedc44d966f5898eacf9248e85a1af2aa0b4d5cdf37bb0c93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 683876828017da8985e9dab915bd772b |
| SHA1 | ab1086ee85430945972f3fcc999d32a39f0bb791 |
| SHA256 | c860ff06a4410f8320305c55a3c462fb264627ad66b00198da592b664b754e53 |
| SHA512 | 93c8546291497dd1a08ab3ddc3bf07ab9e186c91366d8bba38e23da2473bced7d08ee41dd0aa8d4306bce1a0d2184d2b642411eab26076797ebac4062f94cd91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2abb1bf4ccbf99f9c90ba1d88d478f87 |
| SHA1 | 45587025b3d89df33c15e69d9a378f40508c7179 |
| SHA256 | 22c9d43a9f224e2e8e1c628d5f1815963dd13e1c45d5c3b878ccf2367ea847b3 |
| SHA512 | 108b56633af3ce6543bbf90842733fab907af09eabb8ba51892ccde3d6831d50d362da3fbb76a0559511401fae6be1a92d973a0eb7054774382504c88f322e74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed5bc46e327a64d1e9012f9855ee7e6c |
| SHA1 | b142f6eb2cf50e85cfd0de3b2084c684ae863bc7 |
| SHA256 | 46fabf08939f7d5497bac9c52331ebe01bb410e2bf0270d97b5d6738ee36d7d2 |
| SHA512 | 8c22e68a121d1000e08ee0645798ef672d8489a30cf7a692978cd799e632b3f765b8c1f1e415a70156d0e1710e750497ed33e0cab004b257d3bc806753d50706 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25b771982f80e70d3cbbb81830bd1156 |
| SHA1 | c046950014c1a958b0837809b052bab9a7d698ef |
| SHA256 | 6fa7fc47c64158192c26534fb0bfc418feeda34b766c08b0454b41c918359fb3 |
| SHA512 | b19ba21fffdad1354e13700b045e1fcf05995885dd00d4338ed916a661bc0a4a212c2bbff8fc131e9f17e8eb81f2699e3d1ced199ded53c49929cbe8fd0babad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91af9e6a91ca2d79bd38a8af4c229c02 |
| SHA1 | 3038b7ee1288b477962c536948d40661c3e16203 |
| SHA256 | fc0f99f4caf12bb3ee668067433b2426e8e4845cdda628951726f6a41bcc2193 |
| SHA512 | 9271764ca970f1ed2545de931dc837875594f6abb35e5afb239062f5ad8fcc4976f6180d803a91a2447ac140d004a3b59d1a20d1ea794f883b7a9a3d7f41fea4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ebcbd02cccb19932c50ce19027022f1 |
| SHA1 | d92477c52987e0f4a528870cc35fb28f85575332 |
| SHA256 | a7f5e424b129feecae5a85db35d00c91f78513e2dfc396cc6a3c6c3e8d10200e |
| SHA512 | a6bcdd474926b10000e33e08dda9f3b97984beffcdeebd03fd3d3e74fa0a8fb312d6aa6ea7244cf327ccfdc33b1144ed2db9ab3349b9268c2688a61dfdf6c08b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0c30f14fe6d1d3e2b37c112a96f11ecd |
| SHA1 | 6686880ccb50b65e6cdb06b143181fd07f63bce6 |
| SHA256 | 25283dcdf741d6dd75ac870c49da8136572c18cc7506d50120aa1e6bc4833daf |
| SHA512 | 9412f82f7f6ba72f99eccd22e7da0dbbca026b95fcce252ab0a70f4b3f13f08dd89efddfb9bdf4f0ca731b80b352812bfc71d619b85705391db6c53131e63e00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c063e2939d36240615a32ffd6333eba9 |
| SHA1 | a5992cf937d51ba8b640f95b5b45efa01a032058 |
| SHA256 | 793dbc7e234a37d870f22ea088b7dc0f1a8dbd42dbb4bf039bcd7c2569e1db61 |
| SHA512 | 8beb8d01a22493f44a9ada1ebf154107068ea92a4dc046ea9cfa59c7ae2e48b0336eb568d2fa315f099961111e37caf7793b094b7d0833d4154b892d1299a224 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8f870d61047d736b13f3568a84e5928 |
| SHA1 | 59b355c0fe997a8f002222efc1c329463cef7ce0 |
| SHA256 | 051ec37df6a9f60b631ea13e2b01b24a1703b805f3011bb58624c4df8932b2ca |
| SHA512 | 48d084941b73009372871d072260cfec4eeeccf29fcab0b7342e6ca4a8d8564253778d528d020704192f583d66820768f896af32e4ebbc325e49abd2595901d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9580f6d4ae614008ff37d69b5e98fbc3 |
| SHA1 | 5919fad76c5726658c83f89e950104bd96d9a49f |
| SHA256 | fc9c8643322e6d04d22c5c0f1a6128823ab8dcb4cd677cfc145beb97cf8df8c2 |
| SHA512 | 12abfc33c868544931b80d64ec7c23422f9fd310a54d34a26386e6cae190d8f1ebf1ad43738accf514e1c04424c43826fc9298fc8ed21f670930c61a4b5a4c3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10f180ca05329e38f6422ef70bfe35a7 |
| SHA1 | 24de149f512ab8f64dc1ececc2d82e78d8d6a70b |
| SHA256 | 8482aa213e94b7f1e81132613bb989ad0c90601e0e71a2ca19e88cd42c3b5025 |
| SHA512 | 3cbd3f4afbb37543984547bce76d2588938440b362627d05f52eedaa38ba30cc95a80b0b6df268598a1d2fabda22ccdf2607614f52cfccc02c6b18c2365abfb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43c0bcb7393dad99d30fb5a77c5026f7 |
| SHA1 | e13bfa0dda6ef3f3602d5369aed5e95962981e4a |
| SHA256 | e783d5c94876708e4001f8664dae7bec8318d49b83d1a863cf84f818e4543142 |
| SHA512 | ec895839238a4ac20e08adf849102478068f7fdffc3f3786dec9f4e97e68a1e3d43cea9693b08edf210b65794da076f3769257d132c937e2a3582e2aa15630cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a8da2836457718671f9a92e327aebd9 |
| SHA1 | 6fc817c4a28ea19f3799e8273a9d812847603d47 |
| SHA256 | 7146d4d2590ff7ea6bd1d9621aafc2c633293889bf8b8ece40b02b45c65666b5 |
| SHA512 | 9333bc3d38539d1969749a244030e3591b0f15df2febe58c080b6ef18dae53e190a180b71933a56f5b0f3fbeca9405df9cb499287aebdce2dd01b587f3de34d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c7bc2fa2e96f2021e767d43d96bc7ed |
| SHA1 | 5d9153b741cf3f0863a4b0534c663f3caa20f49d |
| SHA256 | 3870d7b3a0c3612180cfe5b0f01c8b0d8f920fd390b00909fa2948e11eb2411e |
| SHA512 | bc6234f200729f72553c49571fcf95bcb278d4df0c39a6a30044bec2452b35ae1d9b635e13d69073a1eeea88fef800d64d03a49f583fee861627d43601be24cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 961297af39670e6b0118fec460951e9f |
| SHA1 | 18b886538d5e67ad4899c8414b26b0d6707060ef |
| SHA256 | 1c6a0a11557042194dd77329b878e264fcd77a5808d2b661d59e952e3d95ef63 |
| SHA512 | d385a512d9f03c7b41b5ef22d5c0335ff68af6a4c7e8ff3bca49dc62d5f21c8b471450855bee4f00f94b81356e2f1a970c615b5cce765d99c227dcf49f90d184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17bdc92b45168cb14276b390cf731e0d |
| SHA1 | beec1d03ad9fa1dbc5826ca046055507115a211f |
| SHA256 | d1270068b8f64a40f207cb9a731f103a0ae7a95fb602e1d26f7995fb0a40d05b |
| SHA512 | e45256ee775db34c3724955e16e4fceea39560e63aa0f0b790455f648d487d1ad185daae1bf082f9a8737c78534905ca5ebe98e648a3acd75686fc5a1fae469e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5813d21cac98ef0fc09b121a561d6790 |
| SHA1 | fdccc381ba5574d410d92ec127d88a25eeff56b1 |
| SHA256 | d9c14c0278e7f21fba8eb04c6f16af8ce90a315ed4eea4bc4ad69b24d2f38d9e |
| SHA512 | 08abc582f5b813b048ab73551256ed6418c5588b69bf72e697abbcbcabb428725bc9bb6935baf52d49469ae85f5f0f570d9002ce436b095ade807244cdd051e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0e351bd977052e91bd7219b03c555e6 |
| SHA1 | bfc274088481f2d65a1b91d3d0863071fe70e800 |
| SHA256 | 233d69b7687264344231ae67b26ed23efd477349109988be290a8ec3750fbf0f |
| SHA512 | b7d8457ac492f6e664705a23c4ade753dcfd2ca1219c3f6d3e118dbe7f7aa68760ada9342444219b79cf8d01d6992b569a3dc96218411b7d50a6440f8770462f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1a8387e59e6c0e09885400d17497f1ca |
| SHA1 | 85b37b77d8c36059ffcf92500e37c349c61c07c3 |
| SHA256 | eecf50d816551b3796341a82697eb66c7a514240af5977e9d8d45ba204b442bd |
| SHA512 | 754615a185ac997f250125420ddca7db2d74318bc6afa088fef6a377cbd13c752cf65ccf045204bac70b858cd59cc84edc331c46e1bd8aeece1d860ba64777ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9e0e72da1f91d56de103399dd3dfd840 |
| SHA1 | d261ff95a96eb07a359839dcd1aa34d115b4e69d |
| SHA256 | 488ca23214901ab12fd43d6f6f80a27ceca69a65f243f61518266209adbc1230 |
| SHA512 | 1c3ec7ca953b8427ff57490e8543deb0f7832713d959edd787080c2612e876abed3710b0c216233e882e64aec4d433a9f68ed5d2ec31773d01a4d677fa29a6ee |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 00:37
Reported
2024-05-25 00:40
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4008 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| RU | 88.212.202.52:445 | counter.yadro.ru | tcp |
| RU | 88.212.201.204:445 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | tcp | |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 2.173.189.20.in-addr.arpa | udp |