Analysis Overview
SHA256
17ca6bbd6bbd926e402a1a2f47c5b8d8919b6e1c6d2e4a0997de5dc8331c1e10
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file 889044ca214be06855e5f02851696ad1_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 22:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 22:25
Reported
2024-05-31 22:27
Platform
win7-20240508-en
Max time kernel
117s
Max time network
127s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000006db572ebb180731c00e513b423fba5341111f8d32946745422b220ff17c5217a000000000e80000000020000200000001853029c24a9b49144ef6d8e715b42d76e7905cbe9aecf90c85155593ffd7bbd20000000f0bbf1ac72489e819e8437de38dc569bf2dd7c0c40bc4b320b214fac851d42cd400000006cf613126257363482c93d5421631d5e8db47ecffb35fee07d3e7769b2aeb7ebfe0419dc5c1e6f7a9a6a38d12b4fffb2d839dfdfda6f9cdbbebd8b378d9b6074 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356181" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000080e068cf96ee8a609404a4190bd2193ae8176f291742bdff8a2112cc46ad8585000000000e8000000002000020000000ccbd1771ab07700f47cc12a7c96bfad55b6f671a219c167e51167f46fa913bc7900000005318d75812175d5ddf8f9c379e4a0aebbeb8585afa77b9d357887c1d479870c97075bf9dbcbbf82062e953f65fb62945d50604cf1a894974797e335927fe3a65d2490145d04a36ed0f4232ec6dd567ac7767d16f5cb67639396e33bb6cd932a4c565616b8595ff6d7656383e7456979b7d9251d7510617b182dc6ef186856a24fb4a7534ed8036822d256d414e1d0897400000003af4a416d154658b18ed063100fcb6759621c4e6a8645a09adfb0798ff9247e7cc7e11b7102d105174d24aab1d1a9afc60a1c6d1d4f59d128f3dc30a0e85527d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800def7ba9b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6A827A1-1F9C-11EF-91D8-D6B84878A518} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1704 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1704 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.232:443 | js.users.51.la | tcp |
| US | 163.181.154.232:443 | js.users.51.la | tcp |
| US | 163.181.154.232:443 | js.users.51.la | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1787.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar181C.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 22:25
Reported
2024-05-31 22:27
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5036 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5924 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4088 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5936 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5276 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
Network