Analysis Overview
SHA256
8fe4f1cac4e4ef716e927399a912bdfd6bc361654baed521cec2b1e001e7dfc1
Threat Level: No (potentially) malicious behavior was detected
For the file 7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-28 20:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:26
Platform
win7-20240419-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42904EA1-1D30-11EF-88D8-5E50367223A7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06427173db1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089726" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002f689ac96bf42a087e0bd4d625503b00ace8bcd086484d3fc3baa7821ee02bca000000000e800000000200002000000080ca32ac965d4585ca24e2e01f41355683c031f2798a0b4a14c429959e7e8dd520000000f70fd4924325f81e909312583c3852e073621a32bd9f81659b4ddea444114a4e40000000a44e1cbdfab7e0e1670929254681a32fa875fd1ec155cd442fa273054114f45a2a7fe49fe5cdd3e2edd89a05cbf06bbf161dc716078fe66fd849c23b6c9f46b7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2396 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2396 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2396 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2396 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:26
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3776 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4908 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4884 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5944 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
Network