Analysis Overview
SHA256
81c579ac2254d7a4370cfcdd28323ce88e8b4f8349c60f65fcd05b03f711f1d0
Threat Level: No (potentially) malicious behavior was detected
The file 7a32db50734925f69b2905c1d9ea2a0c_JaffaCakes118 (an .html document) was found to exhibit no (potentially) malicious behavior. Note that every signature listed below was raised by the browser process that rendered the file (iexplore.exe on Windows 7, msedge.exe on Windows 10), not by a process the sample spawned.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win7-20240221-en
Max time kernel
121s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000086701ecc6c95ba4d9740fd93ed06a8fb000000000200000000001066000000010000200000009a75475df66f6571e956cb3e13b969721d87e6fb2fcc4d4c54c05b91490273c1000000000e8000000002000020000000f113f1b87b5db39d1b0ccdd53e436ba947d30d5cdb3f987bd78062c6b42d8753200000002bb8e60270a3d9c74450a00bf0bec0a2dfff80e858867fa764eb43dee38e6367400000007ae0eeb4c72ec53b180bab74f47433537c20f3893906f7a20b09e76fa3195ac194191905d89eac60f0e1e0cc669843a949e5c53e285a6e3326ab2b8ff21be361 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a081564669b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{710D78E1-1C5C-11EF-A336-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998751" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2184 wrote to memory of 1940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2184 wrote to memory of 1940 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32db50734925f69b2905c1d9ea2a0c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
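The four "Suspicious use of WriteProcessMemory" rows above all record PID 2184 (the 64-bit iexplore.exe frame that opened the .html) writing into PID 1940, and the second command line shows the 32-bit IEXPLORE.EXE tab process started with SCODEF:2184, the same PID. Cross-checking the writer PID in the signature text against the SCODEF argument of the target's command line is the quickest way to confirm the signature is IE's own frame-to-tab initialisation rather than an injection performed by the sample. The following is an added triage example in Python, not part of the sandbox report: the rows and command lines are transcribed from the tables above, the assumption that SCODEF:<pid> names the owning frame process is ours, and the non-IE row used in the test is constructed.

```python
import re
from dataclasses import dataclass

# Rows transcribed from the WriteProcessMemory table above:
# (description, writing process, target process). The page repeats the row four times.
WPM_ROWS = [
    ("PID 2184 wrote to memory of 1940",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Command lines transcribed from the Processes list above. The sandbox does not
# print PIDs next to them; the only PID it exposes for the tab is the SCODEF value.
PROCESSES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32db50734925f69b2905c1d9ea2a0c_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2',
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")  # assumption: SCODEF names the frame PID
IE_FRAME = r"c:\program files\internet explorer\iexplore.exe"
IE_TAB = r"c:\program files (x86)\internet explorer\iexplore.exe"


@dataclass(frozen=True)
class WpmVerdict:
    writer_pid: int
    target_pid: int
    verdict: str  # "expected" (IE frame -> its own tab) or "review"


def tab_frame_pids(processes):
    """Collect the frame PIDs named by SCODEF on every IE tab command line."""
    frames = set()
    for cmd in processes:
        if cmd.lower().startswith('"' + IE_TAB):
            m = SCODEF_RE.search(cmd)
            if m:
                frames.add(int(m.group(1)))
    return frames


def classify_wpm(rows, processes):
    """Label each WriteProcessMemory event. It is 'expected' only when the writer is the
    IE frame binary, the target is the IE tab binary, and a tab command line carries
    SCODEF:<writer pid>; anything else (a dropped binary, a non-IE target) is 'review'."""
    frames = tab_frame_pids(processes)
    verdicts = []
    for desc, writer, target in rows:
        m = WPM_RE.search(desc)
        if not m:
            continue  # not a PID-to-PID write; ignore
        wpid, tpid = int(m.group(1)), int(m.group(2))
        expected = (writer.lower() == IE_FRAME
                    and target.lower() == IE_TAB
                    and wpid in frames)
        verdicts.append(WpmVerdict(wpid, tpid, "expected" if expected else "review"))
    return verdicts


def summarize(verdicts):
    """Count verdicts so the repeated rows collapse to one line per class."""
    counts = {}
    for v in verdicts:
        counts[v.verdict] = counts.get(v.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for v in classify_wpm(WPM_ROWS, PROCESSES):
        print(v)
    print(summarize(classify_wpm(WPM_ROWS, PROCESSES)))
```

The verdict is deliberately narrow: any writer outside `C:\Program Files\Internet Explorer` stays in "review" even if the target is an IE tab, which is the case you would actually care about on an IE detonation.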
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab9D6B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab9E38.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar9E9A.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d3fd8d0710e5d07b044d9b6530a21fd |
| SHA1 | bf40a8c4730cec4da13ec1b7f941e36fbef18c63 |
| SHA256 | cd461a8a08906a32c46bc0a32e7c8be81ef3a9fe4d87fd22b866c825d2a4f8e1 |
| SHA512 | b4a200d64b33e8abf47c7fd62f09bf334cf24fe27c3629712491dae25493e27f70c15de0f3327d220716de350e2382d762f65e9e50914d2df6b4dd85c107f309 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17b4a6276d60f07e2fa0f46e41423067 |
| SHA1 | 06efa68e24feba1f0cd8a56ef564c2e405469480 |
| SHA256 | 4f1dbb66c5bfb71b4d6c306ee5c7e251bb5d81d88d1f5c708e1a4bbdfa2d6f69 |
| SHA512 | 61e7cd0b6dbfb97ebad4feedd66b6a1d5e670ec2a13a7e35da1b09c11ecefe4b00bff44e5f378483352c22dadb2555d5b3ccf949acc227459b68fc082096cb37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4238c9849f06d1746ce6355c26a2cb84 |
| SHA1 | 5561bd294702660bae0068824714ee6fd630aff6 |
| SHA256 | 4d2855747f9cbc9d6b563c34420e3b883e9ed63e29ad2de2ef3715fa4cbee51d |
| SHA512 | 03f1c06438462c0c3f3901cc7181d70f58b3cad551019a191b863558f149d370d4ab3c343ade8f2306ba67d5925c169fb4d6a1cbd2dfa263ca06debbfef18099 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 656b841b358a64ab4f240a7b6e9db7fb |
| SHA1 | b1401e470649ba152d3d2e76506a19dced839f5b |
| SHA256 | e16d300c9022e8f36997024ba6f4a7c731c0b37f607fce00385adf849e0346cf |
| SHA512 | f6bebf2d195e30a19693e5c4c99826766fe4baf072d21482f0e05290e76ca39bdc9a4c4e011681575271a46e7697e3fddfa207405ff05d0a767d93d3c8636983 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a35c4919237547886ac6a98222f4cfc |
| SHA1 | 313c7477147cc23d459ce0f02617bc03badcd4ed |
| SHA256 | bd1c33af029c46ad9b1ba8e0022c5d0f7d1feefc7ec7f6baeeb957fb24ced8ce |
| SHA512 | 2a8ba225ded4b9beaba511ca91721413940d76039d3bf1917dbb830695d2815ee59419a681205248cba6da2a8c2f66b4af5de10cdf9e815ba8b063ed83067cbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa6fed5af35cf6e8c0ffd663be3cbd8a |
| SHA1 | 09088ac8724a6e2451649cd5fd49ae819df9e841 |
| SHA256 | e5dd52fa44c1c01b8c1aac6ea09c8bc0d48f76ea0d6c2c380b7fe0c1e1f92be2 |
| SHA512 | 9122732f0c2edfccc6931f007f87d044c1ddd98a75720b6e0d8ed499ed5c34879f9cfd3a80bf5a09c6740995a7b7070235649fb1a0d25a3c781714c76b56b945 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 398be4cbbf8d2d86a51afb1eafe90944 |
| SHA1 | f29729b1e72f32cd7772c73736d59235dedb5e62 |
| SHA256 | b85de061743767432843e326e7115dc5c492239488e4f2c4053eaa7bbc3f1677 |
| SHA512 | 464368a583a871f47e8b2333775fd1279a234703ce5f8a6a1b433bc754a42b28a6c6ff86362a99b03e59f1f8961022cfea735077dcd48be99a61249b7ac24796 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30ccad6ace1e418895f748c7e6b44fb6 |
| SHA1 | 3b7e36296fa8b2a86a578907093044346566a41b |
| SHA256 | f24c5888fb3dfb980430b98e7f1d5ffd779f5ce8ba99a23168323931fd8cf1ca |
| SHA512 | 69d89790aac6e4ab8fc2c38d06bb2ab50a62ac588f7aea579c6bc815a6aab6cb5fd04512df0fea676b12c05f0c24a130df1fa7fa40391f694e7a5f45f1d4c2a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d958ea4f7cf30bba2574cef131ea28c |
| SHA1 | eeae36157f40b91b65d2bfd091a4d3e213cb8a4a |
| SHA256 | bac147e0b39623ae36959c23b2cefb1035b1dba8a9a6a79359c5bc66bd0d03c7 |
| SHA512 | cb97829ff59c5bdf828056f70145478b0403198a917d937bf48a6d91facb89fc751f25603263e0dba8a21e472dbdc546939334bd9d47dc72182bc46ac50cc2e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a7c62bf6763f7a4a31c0e85588ad848 |
| SHA1 | 42d7fa2c1399ed9bb7523a36980c3b353811ee65 |
| SHA256 | ce71d92a459d2ce65785d1d1f2026d8729dcb82c2afd63a5cd9d8200edc24036 |
| SHA512 | afbb8bc99928a223d982a851d590aef89468477e3618a2c2e2f8c7fe452d38567cb9163fbc1224e568042fc78f3e3e5a08070aa01af759c82fe13731bf465421 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8efbd0dc9c3456353ef47958984e19b1 |
| SHA1 | 3e8ee77f02491f55a4d77df34d211eb82752ab17 |
| SHA256 | bcbbd6f8c7cb5656ecbaf34835b4d5c392def468e0072193089178eea133cfe8 |
| SHA512 | 03e756b81f0cdcbc55795fc5e900b72dcb9a987b0b6d0fbb5ce6e04284c016894d661277296dd7d321c2539948be91db538a94ed4a1a7f20915d14c91c606878 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8444d738143c23c1d3be0d6892acb26e |
| SHA1 | 725788a693e2e4e4ee7624f8f15da3f5cdb9ba21 |
| SHA256 | f5675be5c807a451f98dd60058ac8bb9e2c0317ac089c4e5b81caec5a39618a3 |
| SHA512 | 9c6afcd207dc664a1d69a185b22b9d808507ec8cdf7d981d88ebd4aad9dbe7ec0277fb50d7c57bf364d3ac0effb9e1ca5b273bffd429e3046de4547e8a5e0de0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b90ea2fbb9ced595363c94d291cc224 |
| SHA1 | 033b5afdd21b4d38c2dadb947d7ad5f23368f4f3 |
| SHA256 | cdf69db7d58722bbf7cc5158bbbabe3c449864b100a9e548a0aaa6f10f365d94 |
| SHA512 | f7c2fbbc7093391ea7960ccd99805152d6917d838fb7052c561de037384c9444106e247a35fbbd07b817241edae08261f3bedd42384a5ea1b4a5c72593e9df62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e36bf56998bd2d0b253ec0bc1d92c192 |
| SHA1 | 5066a663261aa50f60edd6e54ae9b1c42501d24c |
| SHA256 | db7bd8db8d73129087b2b33a5071a6c7dce8e6e33bba97be5e56323a9e7e40c8 |
| SHA512 | a4b29ea9ec42aa3fd0ba48aeb878c5281957e6dc58a608e44c399ceb20f4f7110b8cba86de75d0953eb0063d814019932eaac744acef3262d17aacd6f8920d91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80ddb32caad96b8cfee13ced27f4ada2 |
| SHA1 | 1f3fa80427d7bbff1764c2346905c3f9c309c557 |
| SHA256 | b3c11679f0b13aa88ac392f79dfa77be3986d3bf73ad5c89c01be2c301f2fef7 |
| SHA512 | 125dee60e72046055a530d80d0d2e6fe84cfb8b7cf71d97a944e6c7827b288f978f53c96d8e7c103bb6f00de5899f891f82916409ac9388e4f0a2c2eef5320ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca158bf410ca3b417943f1685b90bb18 |
| SHA1 | cb692fbeefde6ef0938c414fbafb33ff21080ba2 |
| SHA256 | 76dbb1ba61a8c2f1264c1e562150302cf13a6ac32e657bb123b1e00f3329e4ab |
| SHA512 | 81e082f3f8caba857a54c0a988e1b8111b36313a0b1d6d96fcbd43394a1dec7ccde13a76bf353dba68bc9976c0e2a4a619e37d2396fd3f0d30448326dc8f35c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf7fbd042204ff1b83600b8ee033223f |
| SHA1 | cdc4d90c30ca0c61d0f1afabcfc7262f220a5367 |
| SHA256 | 98b7558107b1104f981edefe3e99c6f5498ea85e6d9a0c7da5a2afc3e25cf8f6 |
| SHA512 | 1805c0302c81afe57047a9b13124a41506341b3ee1a321fabcf4b99e89637668a6c38ba1ab558fb5d1d0741663a46f5e86d80f8d3b6b6807aa0994c83967ac49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cac52812954e3fbca716bcd96659c8c |
| SHA1 | 4b291bd0381336ff8ff1d02d0ae86ee9ec80c7ba |
| SHA256 | dbebb60a9075608bbeef5f58c0bd79b29235f4c4c488970484d42404c86e5899 |
| SHA512 | bf00cf85fb3e9b1f92af6630d3509719ee0b87100bb5881e0d555f15d9fae5f0cbe853bae238a291599b689e3c1340da3a0f2cbf8c9817f75e30ef0ce0016f13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a49ea1ff710527452c751848a895d5b2 |
| SHA1 | b8c4328c937bd1cb2eb80d081b1cf99075afc1b8 |
| SHA256 | 62e18fe780c6b3e0077e9a3482e529ac51cb343f6937724a1cd15b63f29ddfe0 |
| SHA512 | 6bead82056c5267a4112372b3913aff40614c6c2d4a856d48552e93a7b109cea9ba35b1f8971f5d168fafcbb05c6854017f2f285b90dbe368e6e3b8074d6aaa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9c2a9bc48d685904b5aa9787bc655d5 |
| SHA1 | fbb20e67567a1f3a97977440406e8ccb1c01efb4 |
| SHA256 | 37e7de1cfb131f2c406ecdf998e86256b16879f0e206de8c879be0fedb661ebc |
| SHA512 | 1777e4cbc521efedfd6fcc6d39e9cd57c260e1a2dae2ba7d62d089ff7adb05f4310e1edd62bfea8f02624a8675c3315f15190303109611f4523480e013e0994e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db0d78a5abc85abd6e9d573b20f125b8 |
| SHA1 | 242b62f22bd28e00323bf832f5b7b5155f2f65ef |
| SHA256 | d66b42fb1863e59632a773d26dae5efc9d5c0c29bae2f2bde3fb6f3b9ae14532 |
| SHA512 | 576316b871bc14673d66a83bedaf91e9b291c8911047c4943bbe8fcd84c30003c7ab26d95615c00c2b2ab203cdbd5172235e1e5b6af471eccd92d22b5ea79b25 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a32db50734925f69b2905c1d9ea2a0c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4620 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4700 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5412 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5808 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5952 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| FR | 216.58.215.36:443 | www.google.com | udp |
| FR | 216.58.215.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| FR | 142.250.179.78:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | acc-issues.solutions | udp |
| US | 8.8.8.8:53 | acc-issues.solutions | udp |
| US | 8.8.8.8:53 | acc-issues.solutions | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 142.250.200.42:443 | | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.71.105.51.in-addr.arpa | udp |
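Both Network tables (Windows 7 with IE above, Windows 10 with Edge here) mix three kinds of traffic: what the rendered page itself fetched (img.sedoparking.com, www.google.com, www.adsensecustomsearchads.com, and the acc-issues.solutions lookup that never turned into a connection), the browser's and OS's own background traffic (SmartScreen, Bing, ieonline, nelreports, azureedge, Watson), and resolver noise (8.8.8.8 lookups, in-addr.arpa reverse lookups, mDNS). Two rows also reach a bare IP with no domain recorded. The following is an added example in Python, not the sandbox's own export or code: it splits the rows into those buckets, tolerates the rows whose Domain cell is empty, and treats domains that were only ever resolved as a separate class. The rows are a transcribed subset of the tables on this page, and the list of platform-noise suffixes is our assumption built from the hosts visible here, not a vendor-maintained allowlist.

```python
from collections import defaultdict

# Subset of the Network rows from this page (transcribed, not an export). The last
# two are the rows whose Domain cell is empty so the protocol sits one column left.
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| FR | 216.58.215.36:80 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| FR | 142.250.179.78:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | acc-issues.solutions | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 142.250.200.42:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
"""

# Assumed allowlist of hosts the detonation platform reaches on its own (Edge/IE/OS
# telemetry seen on this page). Tune per sandbox image; it is not authoritative.
PLATFORM_NOISE_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".nelreports.net", ".azureedge.net",
    ".s-microsoft.com",
)
DNS_RESOLVER = "8.8.8.8:53"
MDNS = "224.0.0.251:5353"
PROTOS = {"tcp", "udp"}


def parse_row(line):
    """Return (country, destination, domain, proto) or None for header/blank lines.
    Handles the shifted rows where Domain is missing and Proto landed in its cell."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain.lower() in PROTOS:  # shifted row
        proto, domain = domain, ""
    if proto.lower() not in PROTOS:
        return None  # header row or garbage
    return country, dest, domain, proto.lower()


def triage(table_text):
    """Bucket every row. 'sample' maps each non-platform domain to the connections
    actually made to it; 'dns-only' lists domains that were resolved but never
    connected to, which is worth a second look rather than being dropped."""
    conns = defaultdict(set)   # domain -> {"ip:port/proto"}
    resolved = set()
    buckets = defaultdict(set)
    for line in table_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        _country, dest, domain, proto = row
        if dest == MDNS:
            buckets["local-noise"].add(dest)
        elif not domain:
            buckets["unresolved"].add(f"{dest}/{proto}")  # needs the PCAP/SNI to attribute
        elif domain.endswith(".in-addr.arpa"):
            buckets["reverse-lookup"].add(domain)
        elif domain.endswith(PLATFORM_NOISE_SUFFIXES):
            buckets["platform-noise"].add(domain)
        elif dest == DNS_RESOLVER:
            resolved.add(domain)
        else:
            conns[domain].add(f"{dest}/{proto}")
    buckets["dns-only"] = resolved - set(conns)
    result = {k: sorted(v) for k, v in buckets.items()}
    result["sample"] = {d: sorted(c) for d, c in sorted(conns.items())}
    return result


if __name__ == "__main__":
    for bucket, items in triage(NETWORK_TABLE).items():
        print(bucket, items)
```

On this page the "sample" bucket is exactly the domain-parking page and its ad loader, which is consistent with the verdict at the top; acc-issues.solutions ends up in "dns-only" because the Windows 10 run resolved it three times without ever opening a connection.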