Analysis Overview
SHA256
6a1da360b26f19f95d48f56aa39fd69ebd376910dc0f13a8786d2ce384310c52
Threat Level: No (potentially) malicious behavior was detected
The file 82a2fad5a6723990c5443b9608325f30_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Analysis: static1
Detonation Overview
Reported
2024-05-30 01:22
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 01:22
Reported
2024-05-30 01:25
Platform
win7-20240508-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000009b6f127977e511f2a7c10047439f11bb9a26a940bfac536dfba7d36bf8d28156000000000e8000000002000020000000c39c8f642b18a7d008737c63accab9c2ed6ee46a36f0bfee12e3d92874339612200000000a55a4958b416ec248ad7847566b8666f6ac67269520a97f66835e6d902933464000000087cfcfefc519affa4a31b73c0ac43f213a1cadbe74e628dad7f86f28f3a5e2079d0cddf5b66a718983a72460bfd5289949d57fb80f21fecac7b781286f56f555 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423194048" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4065b6ea2fb2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27417A91-1E23-11EF-BE4D-CE57F181EBEB} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2120 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2120 wrote to memory of 2092 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | fast-lost4tmz.world | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3391.tmp
C:\Users\Admin\AppData\Local\Temp\Cab3420.tmp
C:\Users\Admin\AppData\Local\Temp\Tar3456.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 01:22
Reported
2024-05-30 01:25
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3916 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4932 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5332 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5756 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3324 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5680 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5308 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5688 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5636 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4988 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
Network