Analysis Overview
SHA256
acd60f63cefada6dd2749ba32caed934f04f9f1434c08d346d226a5ca3df487e
Threat Level: No (potentially) malicious behavior was detected
The file 84624011749b65457a6d8301ed528cd4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-30 13:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 13:56
Reported
2024-05-30 13:59
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f81e96d11613734aa7086727dce7c14a00000000020000000000106600000001000020000000783445042473aaa181d0ee9f5ce9994cfb76a0a143cc810a207064152500caf9000000000e800000000200002000000096664cea93be84a02385b361370a64a5fd6b5d59e112065a165f720b03bac84120000000f0d6d79902061ba548ba78a026fc3abf60eead12821c56204b234a0232c5b939400000001b245478e54247bd03a39237b4a25b7d8a73e0e8442abc5283fe683de7b2c0fc82dbb39f0a8d7eee653f0c399918a32d36ef54b8f37af6120cbf768c7f911751 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00b535499b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BCE19B1-1E8C-11EF-8E23-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2860 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab4C7E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab4D6A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4D7E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0120c7a0f1947e2972a0949b435580fb |
| SHA1 | 12ca0a42fa04f713b96817a75cae413fb499b17b |
| SHA256 | cadbd4e9eebfc000af38773dc5ad67ea0b71b8b3b3da46c542da5fcec932b087 |
| SHA512 | 5fdcba85873a41312c333f31e84063af0e25421539be26a687a3fc14a7f467f642b6908323242c02888ffbc00452ad4c600c1221f3a3448f6d8f5d03c52fddc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e43621e2b9806988e7f568130a1c6f14 |
| SHA1 | 9f1f1c4ee96a1fbefabc669b755e93deca1e05da |
| SHA256 | 51e5eecedb33fa8e8f10bf333987e998774c7b096e3a2558d78f097d9378efd0 |
| SHA512 | c3a9b858393b73fc652f09c8313af83a56692314e74bda1491a082831aff3270219037e9fb93247a317e8bf29af1e653d6b88f9a75064e66d3f5c52a81e4997b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c05f030cf4d696ab67be560727bb063 |
| SHA1 | a26f0e4a1aab5a87727cd4201305e315a636ff97 |
| SHA256 | ac4a244475fa09b07b69d0aa1a85e82f671f7b77fd5ac02b759c3345fefd83b8 |
| SHA512 | a2d21d996124185fadbc8c55d415a59dac07524f806c8dadd8c6ff4960f1bc3bd4de200dd9c14d2f9ebe0a0838be6289028be992401c1e4101c145450e5472da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e2b22761ec55102f6b2d73b1bdab664 |
| SHA1 | 6a4edf7f937ca7661764d0453ceb35f0bcc4a8bf |
| SHA256 | 7cb6a8fb6de8a0ccf24a2f702d16ae36d594a4f1d4fb3b70864aee96772ffc3a |
| SHA512 | 889309c99808245ec2e04795a2782b0c4a36dc3b067df2f5fc515956a2e24b9a3721e4b26900323df16905a3bc379afb63caa81443063b8648e39a58b2b875d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f00ff5e8aebd78af3d8dfb98f28f12c |
| SHA1 | 88867b89633de466a7d029d23fbd3a27d0717647 |
| SHA256 | 94361c1423d7b09794acb800338d0aa5e6b2508f93af71af7272de2975943549 |
| SHA512 | dedd06b6cbfdc59149ae86c72c3421444a08d592c65eff6a7e0c768bf1fb73b2baeccd3dd9c518571aa4f576be9628d8fe5ce120c44363728122379f182dbca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 423a5a6d8398e6383166f0e905c80638 |
| SHA1 | 7a2671928911a6a8da5604ca4d2035df77c862d1 |
| SHA256 | 40207f11433eccb3e2e2f0871405712c702197763c7376be6449aa39a63a207e |
| SHA512 | ff2770623353d27d8a1fd03851c7ebffd714459a45e95011de040059e522ed6818a706a8b99100353946117ca4a4bc82047b734e0a19f8c8710fc0d567476663 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f8ff6fd73c69b24752da7a7b04d5922 |
| SHA1 | a84ed2ac9beaad06d0d1c38d91b0032817bc1601 |
| SHA256 | eb3b9fec398f9e5d85d6a09591026a102d263679b2c3748ad1f528c646ba84b5 |
| SHA512 | 97072a56f54622742551e98430ec4f3862c5936d0ef6d38d9370c9437f5d12fd6cbbc25e71732183eadd215412d4c2d1a33e31eec11a06367005925e459a8eae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13b7d10d33b02e61ce367207f3ad83aa |
| SHA1 | 29be25db4a812abf0c201c64e172f335e8eedf3d |
| SHA256 | 25680003fe512c292e62fb3a794c5a7268f38f137b86bbf68f87d420d9854d43 |
| SHA512 | ae487282b2b1578a970c661f4e0128de30cf9b3db968c154a26329f090a14a9b2397d76f6ce469c9992f0e79ee9ec38aa0e35c00855ee01d944d234dbd3d8097 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc1eff57525470e37d019186b968a913 |
| SHA1 | 042feec9e4866d836947bf3acca331449f60daaf |
| SHA256 | 3c62212bbbe660373fbc2cc6558383e4ff71f0a0d159104879491c5d1dae87e0 |
| SHA512 | 364fb324e7e87284b0de80f5844afcb6dc2b9aa57b51668e52ff7b7e4c8f9f23c34dc363f0ab81d4bc054e0c6e9224162e376fcd6592ca8fa18814c235ecfa64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3519f703c3f03a88dc37d06eaaea2e03 |
| SHA1 | dea513580166201942639ca7888d066992f9b20c |
| SHA256 | 92808a1b486f80f906cc104e33654880e8343b0935287e57adc35312d82047fe |
| SHA512 | 501445ff20f5d0ec9c87be652a5340d9104dcb91de78a8755e34064db9c8b778560cebb8d4a85be1be45e88ebf357444d9aa31a10fafd1233c494db9e95ec935 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9403e1b2fe0d805547e396b0fdbf40d |
| SHA1 | db8fff6cd5f2fbbde74fb63ce8ec275b6ae74afd |
| SHA256 | a249716e1f90898febc8d17010fbe8d55a2ea59e9248a840159f87fb2911941f |
| SHA512 | 32761801c25e25b625b93f3e2074a0cf993a6dafb9496745e8e9c170fca560320bcb15a1f9878b7ff32f184f8d96269a64151473d8917a4135a3d5d421150320 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a0a89b29c3f0ac86524b3353f1290c1 |
| SHA1 | be74d2a558c2b7caa94de828d78841f1952ca5d5 |
| SHA256 | afe88dc606d198fa34347ef7f4f31e2ef3b2ebbaa10b185c19c31cbc0a77e59b |
| SHA512 | 41de47534b2ca7d9a952f93f5e29d7c903826149448fbf8307358a690a34a2c718c605363cfaaf03e26ff8186ca77eeaca7ffc064d84ebbcbeafe3abdfa93f28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbf8b88c4ad66a09b0543e3613a7ae49 |
| SHA1 | 5c70cec0e0e710ea6df7cc2dc28117a26380944c |
| SHA256 | acd605e164f7c39424816b88e9a0d3c77f27da1249ac8a2d81219a70018d5bd2 |
| SHA512 | 2b2c0b9c9ff540b4b388a93d59e397eeaebc639c170dc449ac13a7fb0fa659d0c1b54163fa9fb9259d3db783b6f5d6bedc2213c64e02f95cbafd1a1cc67ee46c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8d38f4a83f0e9af6b61b54cd0caa275 |
| SHA1 | 03c745a393f5849a5f05aaa7b59262da23b37bc1 |
| SHA256 | d2a7d7708d85a21813c73dae9baf683b8e725d99c643e704450c799b57a1e2c4 |
| SHA512 | 3eadd216c02b5e8dfaa8a542d6f030a9210d4af2e7810a02b0678645f084e89af30cd342f3cb897bc041e6733c7b55f6e4472a9e347b84d6d3888cf7112e7858 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b82d2a4274d4dc358506e3982346532 |
| SHA1 | 2363aa1eae3ff77926c7663938bc1ea919672ab9 |
| SHA256 | 57802cc00351d163b37908a78b6749c4fd8ecf9c2356583f07b9ced08fbf605d |
| SHA512 | ba52f87b87a22f5efabaac89f0aecd5a280edb8d8ac605f8d5bcf97093997cb7905a268912f0c317fedbd6dd05f05b2640bdfe3f9ea7852f61b6ff1851d1b323 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82dd82d9cd9d7e2b2a86415aa56e6c30 |
| SHA1 | 065567092e56a4383ddbcece4389083e331bc583 |
| SHA256 | 03d2cf9f3be520c47d06ef0661f2d18c65b099d2c0b6cd0ebe1ca474d603f6c7 |
| SHA512 | 19c100e60fa84a4bd3fb5b96643a1afa525240e0fc9a20ca9b14e40883fc2f58136dbe59114528205d2624ab5364956e99301809c806f5c19186d642ca95e0aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcf624cf8e5b810b1c04827fba0342c1 |
| SHA1 | 9391b1ffeb27ecb68d56e94f326196831dc6a656 |
| SHA256 | a2287969afb1210f237f40dfb4c245f6bd3273f87663ddf9ca3b736ebcba7ac7 |
| SHA512 | 1894449f1a2758f1e469ba1b62cbc7dbbd4e364cd628136d7c4a153d2e3f84be05c4e8933651627f5d38bd926cfdf99cde867719f39b446a2983ce690de7db33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9807d9414bd189497f3e22b79a05a894 |
| SHA1 | e0bb0e33d56ba479b115d1a635c9e32cfc50467e |
| SHA256 | e86607ae32f8eaf1484c2d29d12751967c6048d5acd5b513441be53740bcfe58 |
| SHA512 | 5045abc9b59c99e7b0d4dcd376432535306a853fa7ba960dbeb4ec5968b97c0b2132b2c120b825a15f5657781d067f11d4977c3f1d32f99dde10da17897c697d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 13:56
Reported
2024-05-30 13:59
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2472 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4344 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4284 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5928 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5956 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 2.18.121.5:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| NL | 23.62.61.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 121.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |