Analysis Overview
SHA256
f57535e3419cf45bd3aa8642d23b2524bca2936839388f71e52290635116d007
Threat Level: No (potentially) malicious behavior was detected
Verdict for 742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118 (submitted as an .html file, see the command lines below): no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 03:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 03:15
Reported
2024-05-26 03:18
Platform
win7-20240221-en
Max time kernel
117s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7ec6518aed3b84a9c29e5ceff03c954000000000200000000001066000000010000200000008b96b7a0cec15d88ba24f788489d7641518f1d046acb80a7887b4e9671362a38000000000e8000000002000020000000c765a85f3e08018cfbd542ccc8be363dddb534a78862b7939dd07a7ab991917220000000ebad0cd7630775bc3cf4c60725735e763fffe64cf51114f51bb4b2b3d3c1457040000000150406e50f496a756331cd99fced5059abedbf3dd07593b8a50f51265a4f4ffa9ab325f081bd33ff590fd2156d623cf16dc728e89ae5825ea30a2abbb628f10c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606eeb1c1bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{473D0C51-1B0E-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855230" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1664 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1664 wrote to memory of 2788 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
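The WriteProcessMemory signature above records iexplore.exe (PID 1664) writing into IEXPLORE.EXE (PID 2788), and the second command line carries SCODEF:1664. That is the IE frame process starting the tab process it spawned (Loosely-Coupled IE, the frame/tab split used for Protected Mode), not a cross-process write performed by the HTML sample; the Windows 10 detonation with Edge (behavioral2) raised no signatures at all. The check below is an added example, not part of this report or of the sandbox. It pairs PID 1664 with the frame command line and 2788 with the tab command line, an assumption the report supports but does not print, and labels a write as expected only when the writer's PID equals the SCODEF value on the target's command line.

```python
import re

# Constructed from the behavioral1 report: the WriteProcessMemory rows name
# PID 1664 writing to PID 2788, and the Processes section lists one frame and
# one tab command line. Pairing 1664 with the frame and 2788 with the tab is an
# assumption made for this example (the report does not print PIDs beside the
# command lines), consistent with the SCODEF:1664 token on the tab line.
PROCESSES = {
    1664: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html',
    2788: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
          r'SCODEF:1664 CREDAT:275457 /prefetch:2',
}
WRITE_EVENTS = [(1664, 2788)] * 4  # the four identical rows in the signature table

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_name(cmdline):
    """Basename of the executable at the start of a Windows command line, lower-cased."""
    m = re.match(r'^"([^"]+)"|^(\S+)', cmdline.strip())
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    return path.rsplit("\\", 1)[-1].lower()


def ie_frame_pid(cmdline):
    """Frame PID that an IE tab process carries as SCODEF:<pid>, or None if absent."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_write(writer_pid, target_pid, processes):
    """Label one WriteProcessMemory event.

    An iexplore.exe frame writing into an IEXPLORE.EXE tab whose SCODEF value
    is the writer's own PID is IE's frame/tab start-up, not injection by the
    sample. Every other pairing stays flagged for review.
    """
    writer = processes.get(writer_pid, "")
    target = processes.get(target_pid, "")
    if (image_name(writer) == "iexplore.exe"
            and image_name(target) == "iexplore.exe"
            and ie_frame_pid(target) == writer_pid):
        return "expected-ie-frame-to-tab"
    return "review"


def triage_writes(events, processes):
    """Map each label to the (writer, target) pairs that received it."""
    out = {}
    for writer_pid, target_pid in events:
        label = classify_write(writer_pid, target_pid, processes)
        out.setdefault(label, []).append((writer_pid, target_pid))
    return out


if __name__ == "__main__":
    for label, pairs in triage_writes(WRITE_EVENTS, PROCESSES).items():
        print(f"{label}: {len(pairs)} event(s) {sorted(set(pairs))}")
```

The same pairing rule does not apply to Edge in behavioral2: Chromium-based browsers pass the parent relationship through `--mojo-platform-channel-handle` and `--field-trial-handle`, not SCODEF, so a write from a non-browser process into msedge.exe, or from the browser into anything else, would still need to be reviewed.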
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab911B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab91F7.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04027e734194bf3cb1542a607e1f2888 |
| SHA1 | ca77bc97e5412045ddaaf3ea8907822980ac2afa |
| SHA256 | 60ef0cc1aab68ffd68902e20d45833d0e58ea674386bc619913ad9007f124dd5 |
| SHA512 | da58792b4f506cdafeb72891cdcd75a5120997becc6678e8196c5bfae64d1bbefce2c63754ae75688ffedf1a35aa2fe291135d5f8f21e0e27537bfa51ffed264 |
C:\Users\Admin\AppData\Local\Temp\Tar923C.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\analytics[1].js
| MD5 | 575b5480531da4d14e7453e2016fe0bc |
| SHA1 | e5c5f3134fe29e60b591c87ea85951f0aea36ee1 |
| SHA256 | de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd |
| SHA512 | 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c811b05d0eb8945d4a42dd6c806cefe6 |
| SHA1 | f9d27ff0b6f11e033e8c87958938a1a84c73db2a |
| SHA256 | c29c159ee2a280c2af1ad7659bdde6da8678068b9d6e4bdb6626b07fefde4a42 |
| SHA512 | 0ef9f9848f5a437df9b5cc2995d33960ee6931d09c3e83846bbb04f3b3fa63e8df7c2bc335fc16510eed4d00258e175fb9db10c6f001ca1708c097d82d88c15c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 454e425900c0a89e58a88d74668d6e64 |
| SHA1 | 321dea365f78540a4a8712af7e46bd3630b67fe8 |
| SHA256 | 632842cbce3b7e58b28ad6ecc76914f67d487e931daad33f07a1e797354b13ce |
| SHA512 | f0424107b43230ab9546eb3fa5300e396b358a7d542b10ccc10ea3509f8b9e69b5ed49b8ba82e55a109eff45c46b30a25f5513584fffbec233322ac454a7f3ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fc25b1d8439dede6053f1a69e02ba77 |
| SHA1 | ce192d547014245471dfd8a341b63613239693b0 |
| SHA256 | 7ee5b28e6883f502213be0fbd13c363cc78edf159a9718191969d273535203a4 |
| SHA512 | 90c2adf5dc79d60c4d1a5858c5c950290b817915110a9058ba058bc5a6e4778f9a03d531f1d3b66257e4c73f3c55c03708073f1c1d6db389b70531843b7ad765 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5b594812773f79cd47138d98f84fa99 |
| SHA1 | 115e188cf0225e415b8bc39e835cf627a1dbcd57 |
| SHA256 | db53e789621c6e38caf0170c62ca1615c324ea42fdd9235f00ae602285ed7a6a |
| SHA512 | 02826b91d87560e0f07e7dc6655b3d90be204e0f420a37e254f5dc71bf6e88fe9c8bf27f46f045f1ff0dcf72cf60ce6a56f7079339e7944ef8a7e9bb0d37c073 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7572390ed7520d5a7ca848d9ecd36d9 |
| SHA1 | 0b160f8402c876a7481bca840208fe4a801b716d |
| SHA256 | fc25bef6362c86362a1062d5fec9ec8411212bba5a6e988cc57c0a7e8a61342d |
| SHA512 | 860f61f3817e743bab018bacd8412c19b977ff617242465d414a3ce55803ca884957337229b2ec9a102f9582f5e88fb6eae3c5d5bf58f9061d24df939c458b9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ae03cfe27f8d966e3bf2fd33e0f111b |
| SHA1 | 705eada4ba1a47ccb0ef004ee3c386727cd9d02b |
| SHA256 | 979b1f48df07ac53cf6666ffcdc4bd86246caabb2939ca9a176b1dfee73d830c |
| SHA512 | 508e1e76a21494a3e91211b0f27a20e1e096590fab454234a5d7de7347883518b38f45b1eb5456232e3b558e492f3c664d82cc71b0efb2bafa1840f2d3fa1e2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7a598fe16f14dde306a1044b0d0b1cd |
| SHA1 | 4be5e4956434c8ce66646bac0a0a135fdb708507 |
| SHA256 | 70fe77093e98225f366b574f0af0039a8ccb5824faa496a0e27c04d197d26db6 |
| SHA512 | 04106e94dc929432bb0503542d3df1d6c8cb25e62e96e67aa9f4af172e70ccec97f9c72305d0ddb39f4f71592bd9ca36b550093a124ddf0743d3747d53e12f24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07158d49bc8decf35ed9187150264e41 |
| SHA1 | 6c90d4092032105b55579a247eca3e5d688c19ad |
| SHA256 | b2f7299afaabb8eddeece8829868eaddbb92c26b74d364a4c023c24d950959b7 |
| SHA512 | fb7965cc94bc55926e1ec38b1d76ad0043861b704554111f03b63c04add65e16024c04d314fe54d35fec523fb801ea49b833f11569e944a0dbadf1cafbc655f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b0dbb7424c9e69a8595fb839327ace1 |
| SHA1 | a73e60071128041699e4fd667a20e848a8da98f0 |
| SHA256 | dea587e59a170de5866295de0297984322005d50b76846b2486fa8641b3eff85 |
| SHA512 | d9415dc4de409e59ff56b20be87d8b41c3f7ffb717c6556e20ad616e31bc6c9106a5a6eeb273f6d2df6a898fe2135801884643e9769b0dc11638138f4b7d329e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e384279b83b9d4209fa28585fb4f44c |
| SHA1 | 8ee9e618bcd722abc9409942b86122bea1cc078a |
| SHA256 | de78a35590927c582eba3c7a05f5fb23a3a12480eea535111ac9d0984dbe718c |
| SHA512 | 7490c2c019d5cd7ad5e7c57d93eea2d8155b751d76fc0b6c2a1dea1723987b2f72c078feb70027de2750321a947f234c56e15e987c7751d2fec566075136adcf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc1d3ad2a140935594f2fb015ebd52fc |
| SHA1 | 8a907a7ba8ec97ba78f1e027916beec4d29fcbb8 |
| SHA256 | c734fd4529ddc344e225fcccd88d0b87ab4744a77dd0017f31177112545206ee |
| SHA512 | 1d4189e27e830b34343bde0d54039f63247a8d92d2b6cc3789d2abffdd3ab592d30d50f0be5f4aa6f602cd79560ece44041b015af37f9ffaa44d4c3f94cf3e0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74868b50d65036d35b843b2dbec89ad7 |
| SHA1 | 4abc5838b7192ed7a18aab4b99c4ce42d01d2cad |
| SHA256 | 9452500e7fafd9b965f423760abb27afd1e416cdf85974326ae605b54cab5cc6 |
| SHA512 | 25a877670d224ab67ad2feb8f29c27f2ac4e9331b53b9a1ffa1a868aa367dd6bb16e7386559bb69b76f0458e5a0728db52c6d7913778b277048c0384ed4b8791 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b537add4f4bc5457d0b65370b9231e66 |
| SHA1 | 510d07449c8a5071b3f484a1b3dc7db6372a8276 |
| SHA256 | 7dcd58adf669f9c137357b7c991b9189091364bf992beb6978854e4760cf7f1a |
| SHA512 | 3fecc1c116e44eabd8007bbaf55e31884686752127f1fb0230678f98e630423ae168ac5c55901e79c1bdd46cd2f020ba3ed17158b68e8623fc9f58839d5818ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 79d3d3ef13549d40e7982d6fdf7352d2 |
| SHA1 | 90bc1edbc4ab4135ad6377fbeb11cd2331eed5ea |
| SHA256 | 4e53d610b213576e61bfbe795214c83fabf8611f63bb5a97a6bdc705d61e735b |
| SHA512 | 2d6fb87e7102f2b4dffee96a4a0302c0a6ed4b9f52fcfeb1a97c9e36a274a8ef6ce21a0ff5d1dedbbc776a0a5a63cf0064dcf6772732a801ca90e76d03acbd9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f56e9b16f4f9ae650fbe77b1c2b70968 |
| SHA1 | cee8e36784498d560c0ebf5e8262451e6ad337d6 |
| SHA256 | 80a3d5d05528106cba636723ce0546316f2616296a6af57d549a01ba5ae2dcbb |
| SHA512 | 6250c9c875337a6097dd7e137608cc1c53a308338314ab3c4aac07c582a00424aaa477070f04fe9a89a0c683a9c48d7674244e9be690ca5c2973ec99e8725d5e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef1df50f7ebe0915a2c71b2ec6353028 |
| SHA1 | 5a32f26cdcc4f46a1cd499b02df619a63bc08f80 |
| SHA256 | e9d8f126080ab1afc7b73993876f357146dd13ebe342975e1a024d5d46845a9e |
| SHA512 | a0ce7c42d8184e2853e1a5ade26bf0c639e91a18cda3a595574840f59ef9b25a8aeb656cce8295df63dd23bf982b79b45317181a5bfbe015a81db7fe2059555d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84a63a43f3828bf80dd574c8b0456033 |
| SHA1 | c3cc96ecb245fc16c86f1d8801d1187aee861f80 |
| SHA256 | 14d94b046420f28753941da9eeed51b2d6a85e3f9d40d4fb16af589420d47bd7 |
| SHA512 | 0dc2e089ec79e9feba709f0ecea844d7b1acba489cab950bdf73514c627e977434b650aa1016359d13c303a3ca05f089534a6d0a99ef79f390762601dc5b706d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 209d5f17e36e96abcb960b8cacaa01c7 |
| SHA1 | c05211409b374338e4104d284fb6af8d6c8e3b5c |
| SHA256 | 04c70dcfa39bb8d8163c15e174f423718dfbcfded9d966fa4545e6e663c0d1e3 |
| SHA512 | 1863dc070a942a420ab0b8bb20568f61366f26d3934094aafcef643a3f2e523f655b71e1748fd8464c02492b62d4b423434d0da1612c23940d09d908c7859fec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 900d4089fcaf0d2c9ef6535185c2aab1 |
| SHA1 | f0056aaa367e8f0b94ed5a90b9500afbb05196e7 |
| SHA256 | 2f7d36f50ba651bcfbea5b96a857898ce0e89e19e62f80c02766b0c2b13cf74c |
| SHA512 | 42b3e1cf09b95227ccb5efe5f0e0264fb1de4fdc46384ddca38db2c42b42891245bdb64f6c259ad119ed862b0b7a12ac0060d0e1c25a8a2052292469ec44032d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5a11b998340ff4a8ef7bc3d02097eb5 |
| SHA1 | ee880be5db5e2c69e9c00feac6a2b487debc679f |
| SHA256 | 519d98be7c140dd503079c37b9631638dd63c498b201b2368b7b0b1cc5fef87b |
| SHA512 | 3ad08c412c6e36627cc7e072ac983eba2a26e6d88c9cda1efb3fa8a87a394949d19201ed0d851b72960c6e9623a3fb6e579c675ca107bc8c86d0d8b26ad4c4b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca7a574abc8e9373ea0526d6e4ccab57 |
| SHA1 | 7df5e9f3fe2ccfd3bb57ed7e097700606699d530 |
| SHA256 | 5041e2c5acf07f19ada275f3b6d3ac33d89279bae823ea879efdca629fc549b7 |
| SHA512 | 7c156da4d349515e94366ab367eca9134e5046aa2258a2c5c13989a520fdc6d4c1baefeb336fd7cf424b3d2e1484445940d054c9c3e38447954c3c7e6be3b60e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 0b623193a85907b9d3f0c26b3056bc99 |
| SHA1 | 430c10a2007171f6f9a7217387636e0ca74583e6 |
| SHA256 | 41fadd2dfb9effa2672c05076b9b6b5f83ed5592dd22e4290eef5b0be41c3f95 |
| SHA512 | d8e91a409b310311f84eb16209903df59ba18ab408a905aa5739a8903e885bc527b8291e62a921debfd55ba019533dd88f0a8bf5dad2be6286fa49c298e75fb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56280bff1200e8373b1131759b09acab |
| SHA1 | f70db2b33344f584062db05d04b81de784043475 |
| SHA256 | 859f2c363520633cdae3aca3cffa782bdb176475fd1f9f4404d719dbce5579b9 |
| SHA512 | 78df67602b366fea109b90a11933b0d895d05bce872c96c39e17cfc3fb9589129147208ac53f5120cc3d443b3cf3c4229dfaf385f6b600d3da649c8905a81971 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 03:15
Reported
2024-05-26 03:18
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1344 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1396 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3516 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5816 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5236 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5512 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | N/A | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
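The Network tables of both detonations mix three kinds of traffic: names the analysis VM's browser and OS contact on their own (ieonline, SmartScreen, NEL reporting, the Edge CDN, Watson telemetry, and the reverse lookups the Windows 10 image performs), third-party assets a page commonly embeds (Google Fonts, Google Analytics, the Facebook SDK), and the one domain the sample itself reaches, herriakmargozten.com. The script below is an added example, not part of this report or of the sandbox. Its suffix allow-lists are the editor's assumptions, and the sample rows are copied from the tables above in the report's own column layout, including two rows in the shifted form the report uses when no domain name was captured.

```python
from collections import defaultdict

# Constructed sample: rows copied from the behavioral1/behavioral2 Network
# tables above. The last two reproduce the report's shifted rows, where the
# protocol sits in the Domain cell because no name was captured for the flow.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | herriakmargozten.com | udp |
| US | 8.8.8.8:53 | www.herriakmargozten.com | udp |
| GB | 216.58.204.74:80 | fonts.googleapis.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
"""

# Both suffix lists are this example's assumptions, not the sandbox's.
# Background: what the analysis VM's browser and OS contact regardless of the
# sample (SmartScreen, NEL, Edge CDN, Watson telemetry, reverse-DNS lookups).
BACKGROUND_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".nelreports.net", ".azureedge.net",
    ".s-microsoft.com", ".in-addr.arpa",
)
# Third party: embedded fonts, analytics and social widgets a benign page loads.
THIRD_PARTY_SUFFIXES = (
    ".googleapis.com", ".gstatic.com", ".google-analytics.com",
    ".facebook.net", ".facebook.com", ".fbcdn.net",
)
PROTOS = {"tcp", "udp"}


def parse_rows(table_text):
    """Yield one dict per data row; repairs rows whose Domain/Proto cells are shifted."""
    for line in table_text.splitlines():
        if not line.strip().startswith("|"):
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain.lower() in PROTOS:   # "| tcp | |" -> no domain, proto tcp
            domain, proto = "", domain
        yield {"country": country, "dest": dest, "domain": domain, "proto": proto.lower()}


def classify(domain, dest, proto):
    """background / third-party / sample / unresolved for one row."""
    host, port = dest.rsplit(":", 1)
    if not domain:
        if host.startswith("224.0.0.") and port == "5353" and proto == "udp":
            return "background"            # mDNS on the local link
        return "unresolved"                # flow with no captured DNS name
    d = domain.lower()
    if d.endswith(BACKGROUND_SUFFIXES):
        return "background"
    if d.endswith(THIRD_PARTY_SUFFIXES):
        return "third-party"
    return "sample"                        # whatever is left is the page's own contact


def triage(table_text):
    """Return {category: sorted domains (ip:port when no name was captured)}."""
    buckets = defaultdict(set)
    for row in parse_rows(table_text):
        cat = classify(row["domain"], row["dest"], row["proto"])
        buckets[cat].add(row["domain"] or row["dest"])
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for cat, names in triage(SAMPLE_ROWS).items():
        print(f"{cat:12s} {', '.join(names)}")
```

Run it over the full tables and the "sample" bucket is the part worth a second look; here it contains only herriakmargozten.com and its www host, reached over plain HTTP, which together with the absence of any download, process spawn or persistence in either detonation is consistent with the verdict at the top of the report. The "unresolved" bucket (a TLS connection to 172.217.169.74:443 with no name captured) is the kind of row to resolve manually before closing the case.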