Analysis Overview
SHA256
66649315223b8a10ba8181598a810ab21e4cbd7333c658a13b752b1af5aaced1
Threat Level: No (potentially) malicious behavior was detected
The file 7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:33
Platform
win7-20240419-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000072db484d601ff6aee6bc1270fa441d723d3e7314ffa9aacc8f518c16c193a4c9000000000e800000000200002000000034c9228bc3f4faff51c3f39aa348ff55bc39d6a6345141980f84047d2fec823f20000000b864a60e75fd99063350c107a34e500bce5af69bf217c1140a7a159019a82bb9400000007a7dee932443c0ced4f348a2ea0bdafa9f55a9ee48cb0593c31d755adf5c8505f0b25d935e23661eaf8b79ce4f6c178cb36e779c44d208f3e7c1e74b2ea5a814 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35E6A841-1C57-11EF-99B2-4A4123AE786E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996504" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0112a0d64b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2392 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2392 wrote to memory of 2160 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4210.tmp
C:\Users\Admin\AppData\Local\Temp\Tar4273.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:33
Platform
win10v2004-20240226-en
Max time kernel
140s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a183d82aad6c3ec612610f5fe7b5ab8_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5252 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5696 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4864 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5484 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5848 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 8.8.8.8:53 | finebrend.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | sfera.asbestgbi.com | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 20.231.121.79:80 | N/A | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.182.143.212:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |