Analysis Overview
SHA256
9fdfa047d095958aba4d9d22067bde0088a8c8b0075e370ddf81262256aba7f3
Threat Level: No (potentially) malicious behavior was detected
The file 88910cd3eeb8fc18d3229b3843f1fd11_JaffaCakes118 (an .html document, opened with Internet Explorer and with Edge in the two detonations below) was found to be: no (potentially) malicious behavior was detected. The verdict rests on the behavioural signatures listed below, all raised by the browser itself and consistent with ordinary Internet Explorer activity (registry housekeeping, UI hooks, the frame process writing into the tab process it launched). None of those signatures concerns the network activity, and the behavioral1 network table shows the page resolving and connecting to coinhive.com, the domain of the Coinhive in-browser cryptomining service that shut down in 2019; treat that as a cryptojacking indicator to review by hand rather than as something the verdict has cleared.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 22:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 22:26
Reported
2024-05-31 22:28
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C3E38DA1-1F9C-11EF-B826-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10460499a9b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … (long binary value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356231" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000852bd1ddc7d45b41a6fdf9e75aa23ea70000000002000000000010660000000100002000000064e3492ec68b9e1936144d6bae8d470d7a8cb10a5ad7240d727ce1a0971a836b000000000e8000000002000020000000a012b9c88872e14b13b3fa2eac6a93bf3bccee19b2b1e89baa2d6fd4af880a422000000029af516f168106b40f9e7cc3b106a3f6eb08d7fc795ea301ca73f4cf5e55823440000000e26d6ddfbc2a765aaf30aadcf175a68299deeb5d3b2d1d4079d786d2180cefec7400ac0f1abbfa201b1cb0387f130ffb1555a5428cfca0fdb1eced969ca6180d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88910cd3eeb8fc18d3229b3843f1fd11_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 188468ac60bbfb1c00e6585c21b0d86d |
| SHA1 | 93d131ca0dfd79a1b121ebbacd02c28fcf9f150a |
| SHA256 | 88e546835047e856e4f0e31d5452bc07a57f28e3ae7800c777329bfb17782793 |
| SHA512 | bef2aa9c9eb2a3131368ec3b350d731f0f715aa2d173e8da1c6b5032488f01a47b9977c139dee29a1ed08caa4a5a37972059d5a41e26b3dde19304b1aa2e4a61 |
C:\Users\Admin\AppData\Local\Temp\Tar3AA3.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab3AA2.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3B75.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44a5405583404e30869766c85d6b9eff |
| SHA1 | f2cf0ec30dc1fb2fe708d36caf6e8d9fc1660b24 |
| SHA256 | 4891c457980b7b4ea987bfc508a8c7da6f71fd6c9b88ffefe3229df75755f904 |
| SHA512 | 529429e202b84c87fa0bd4dbb73a228341c0ee980bb7a61ed9423f3cde3993bd1dc5a35d64ba98fa9c60b7b8c4ed016eba39abb136226ab333f84492496645e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 959c58ba98bea5d3b7e7e488e8b9784c |
| SHA1 | 6b00cff4761fa3816094cceb2c253a4981582f5f |
| SHA256 | ba9ce7adc09d0229ead4371e9227122ea4afe801bc3302b47b66c1489c6bcc96 |
| SHA512 | 3eb10d294a80ecc7323237c08b98c13446bd0da733d8742ef392902529b91a8c0f51e29d1fd5ac1024321549879b88dabed0e4cb4a37e164b93ab606e10460d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4ab3434996c09e7c9b47a4e814c6ad7 |
| SHA1 | 46ca17383af13bc49d8c8b22b69c9c518601a44b |
| SHA256 | 4804b59b2788fae860dcd7db8888d5279769dac346156333c8bd75908e8e5b93 |
| SHA512 | 86569c375adb595756d4c326fd157b08402d8b4393a0dcc4cd6cb0a1a949fcb8d98fec35b7ae4ce16b9dfe10cdc47ce6e8a2ee1a1d5e9a9ba648c6401dc11f42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 37cc970742eb842a0cdd8772449acfb9 |
| SHA1 | 4d94da8f5a950b56622b67130f9bf74f20666f14 |
| SHA256 | 497ac6ca13d76d2285530dd4344e82ae0bd39926d4d5ce3d36886963bc77db45 |
| SHA512 | 2fa2d34d058a90d8231b6b55e7d9e8b62b6cf71b7539592c3af88e94c7383a2cab35cdbbaadb5390903d87f20738f81f736b0388be0f02e2c1ee06ef4c467e89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ff5ee52fe99db02520f137866fe7796 |
| SHA1 | 7d2cf3c0eff66728cf475d763af81112c05eac9b |
| SHA256 | 62a70925ca5dee017c178cff35db236a2624eb55da29aa43e69d326a73b15894 |
| SHA512 | 8e8e545e4be87ea08a8177ad6213bc34294292eebf302fb6deb40b341e2c8496d82f5225c8e669c7677f252fa407b0498d882570ea8dfeddcf98bed88e83be15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f75ec007f8260849e1400deb3169b52 |
| SHA1 | d50486cf784b64cc4428a971582c2fb46cda6975 |
| SHA256 | cd90dc5c2cab0c4e0004e877896d8f35cfe15d1816e4762a4e0646e4cf266a7a |
| SHA512 | b73d4628526212f7181d73b6f1a294dcb6b6e8e76fc4bfc5c035c14a9082884e016251d0a176723df7bcc6c381c21cab2f95918e5938dffd19970f1d04533fe9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aed5204a2948bdb4a73c65872569922 |
| SHA1 | 90d81ce4ca17d1d1a916ec865394b7f603669727 |
| SHA256 | 0d0256ac65f2de5b9feaed45c8b49bfb4abaf854a7ba2a3b24403cfc0a5534ab |
| SHA512 | c852f292247cb28f105946d9c44978a78f6aa18afe9a9c6e845ecb7ce1d2d2f22eb0b2ed90eb62593e0e3e5f5ab3f317d5b49aba6d41a17a1d617baf326fc86d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6d46a9a2097ddb29a0bd39472e9bf5c |
| SHA1 | 2fe5d5e80c8810a357d67dd94dee47402f14cbf5 |
| SHA256 | 0fb16884f0543e2543612659cef6051751cc8705ae26260c7fce89931bb4ef06 |
| SHA512 | 19c5f2edd5d0e48fa58ff52b4a247b7393090db4807ea1944f3d87fcc92a1f24a8bfb7ef5cce3df448913b8dc6d48e6e8032881abc43946bf600f3d06f893cad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52bba2ae30b41f64443c3d7e1111e013 |
| SHA1 | 13c17d7d044562fe287bfbabd0cfaf11bcc8e0d7 |
| SHA256 | 8f15aba153c63e8fb7437977df247fdf0635caafdafea3a56b209d45762e2d68 |
| SHA512 | 25efe1b065533b9e06dc638bb521a0df37b2e7b42ae254cdebe9e208807a8be1272253c802de91230adee1170ad132e16396606d3ab9b073b918aa9c70989504 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0912a9874d3870558cd00192787fb0e1 |
| SHA1 | 69a75f68484a0d5dab9233904e2333cb734e0513 |
| SHA256 | 72898cc018f94266139b674ea81239770953c672755a8a82d825e99a7b2859e0 |
| SHA512 | 6f6448413134032df8bd9807096834e75768f35d90751591e91023febaf9e56446096c8f4845249c5358c29e094e966b61267765a03736d8075563678f4ece9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 381de691522f9d132278eac88ec74e36 |
| SHA1 | d725ca2119763bc5b22d054e35e8370a85ad734c |
| SHA256 | 398311b05ec1d4f0bb7b70cceb282af79c518132261c9b8e8677b3180dad1610 |
| SHA512 | 7a99664196b99923af11580aa0c2d8c393a123468e1f7ae466cca297b34bb2bbae761b56e00fc31439e48a81fdd5a9b32006d47aab4ced7c895c83c3693d2be3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | af54104cbd2dbbbcbfaaa557a5a1fc4c |
| SHA1 | 5f3a662628a58747e477262a540671b26436fa5c |
| SHA256 | 7075274479d2feff0bbd7198ea8ade73822af1ba85821b3c534351b29570dae0 |
| SHA512 | e5d06937ca5c48e253a36accf3c5dccd6f23db4d386b6eb3f60fdee8081e0681b79b845419bcdb1169fa47a2bb5800ef0d3373e92889ae98072510442fac8dff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ddc9d7927efb06423f64c4f84bc6ec4d |
| SHA1 | 229505b18febd9ce2987dff3f917bada36f0eb9b |
| SHA256 | df14c60b89ab07ee3c5e341105042eaa49f4ce59489edabb93c84b3236592e97 |
| SHA512 | 93cb873ef2b9bf35791391116881c3bbb452f1b0d2472e4dff3feac22d0cc558f2c7aa85a590b2776d1c0e49f788324509dde62f03c14f2d2670c1befdb53860 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f86f32f4556163c5c3d42d34567f5977 |
| SHA1 | 1864e440c186ae5eda48103f06b28b42b5db7698 |
| SHA256 | 6dab6eb1503fd22c2d6ef7f7b638462d9bdee8b89f7d49aabdb459c49dbed4aa |
| SHA512 | 1e438237483c5df5a2594ff320535b547b4eab918a00d9e5f709c85d4aec35e51d39f57a50d4e78a8dd7b5dfb049d2d128c04536ab482bbfb9c93ea3d47fb998 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 645cf8f92b00b7551904fda4f07bdc12 |
| SHA1 | 00148809cbbfb01835675f378d3bbd82db10553a |
| SHA256 | 19b074078bed76a6bac42543a6a48c06688b91d3f9423e3ba2ef22f95e1af175 |
| SHA512 | fefebe4db158d0e704146e32b2d3db73ef499b6ea15fada956e845bb875476b9d78bc11ddf1d1ee92800ab233e57af18ce1115b37fb9c2058098c4615f89d130 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4545c01d6e720a60ccb449ced99edf4f |
| SHA1 | e3032f37e798b96e96c4b9fddf1a3fcbcb271ed6 |
| SHA256 | 047030aad55c52a8acebfc235cdabd8d5bbc87d6184e4f65286b974d81f75ae7 |
| SHA512 | 0d3f3f259998d353ae6cf5205a78a1201e66be01a4965167e2b860c2b0d2a01b284a1b12d555617034ef25dfe8fe7c35d53442253290730868d297cdb080917e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 55aa34e933597cfed0117dddf69a7e0d |
| SHA1 | dd295664f01914ebfce663a3212d0a34df279075 |
| SHA256 | 17849bc2bea6f4ad38ef8b2d72dbe6e5d0f7005a5689e560b927cbedfc6132eb |
| SHA512 | 27c69371aac53efb9c69efda2b9f87a5e57cd39a6269d2646e6bab7955798a363c14a860f919e1ce0ed896afdb939f696c9e24def8ba0208d19d7d3d4f1dffb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1dbd63dcc0dd10713c9e7eab776d186 |
| SHA1 | e78699419c6b1d4cf27c062c27ee943d4c61a80e |
| SHA256 | 3f76f697343e08c4c96d07cd46336111af4b3380a70f7ba4b92b709babd5965b |
| SHA512 | fa05c10d1efa541482751386dbc69159bf9c6fdb8cb84a962cbf9ff7c62ca74ed75f9c0246d277caa4879756a51a2f6ff8cf4d1ff9f02d143ff4ab7f2825a3ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee848bf4255809a0b428152e09cc283e |
| SHA1 | 1a91b1105d6505edbc3f37122c266020997c69aa |
| SHA256 | adba6dca49cdd2c4bb14eb2a97b6134ac48369eea84c8473d400f4b0f25120a9 |
| SHA512 | 38bb511282f8a17446507512368f89c431f6ba9c058944541f87ea9f34e5ea071b417d0bc22baf7bbc47559c06773b91fbfb1ebee2a770953f300e751821f037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2cdf76e893233cfa50bd8ad8b0d1e335 |
| SHA1 | 1dae39fb2572f0eda8baebacac1b46bb7bb170bb |
| SHA256 | 86af7ab1766cf35c5fdfc7ff2e375d2aa4908373ec664181354104897c249ccd |
| SHA512 | fb34dbc7230d81f659ed04a92ed65f157458f8c4536ec5aa7db63fd96cadefd0d1b3257d54203a81ba21b821e9243cbea190f697b93e45b8f2eddcf79778283e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 889f79beaa10103205871a6f949dd731 |
| SHA1 | fca510556af200518dfd8d428d1d9bf65455d5ae |
| SHA256 | 34943519836e579311970b718233de5bde89d4f2d19e76bb50816a82bd3c4eb1 |
| SHA512 | 641aa18b44d4b64eb2da99d90ec6eb84f51199d71661a31ec64b8bc012db097fd73ac8908ee486cf903216dcafdd02c5698d8fd062367bc8264662bd8a77506f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 22:26
Reported
2024-05-31 22:28
Platform
win10v2004-20240226-en
Max time kernel
138s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88910cd3eeb8fc18d3229b3843f1fd11_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5448 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4796 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5344 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5936 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |
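Two checks a practitioner would run over the report above, as an added example (the editor's code, not part of the sandbox output or of the sample): first, whether the WriteProcessMemory event in behavioral1 is Internet Explorer's frame process writing into the tab process it launched (the child command line carries SCODEF:<frame PID>) rather than injection into an unrelated process; second, a pass over the network tables of both runs that collapses repeated rows, separates DNS and reverse lookups from real connections, and flags watchlisted domains and web hosts contacted on non-web ports. The table rows embedded in the script are copied from the report (a subset); the BACKGROUND allowlist and the WATCHLIST are the editor's assumptions.

```python
"""Triage checks over the sandbox report above.

Added example, not part of the original report. The table rows below are
copied from the report (a subset); BACKGROUND and WATCHLIST are the
editor's assumptions, not data from the report.
"""
import re
from collections import Counter

# behavioral1: the WriteProcessMemory signature row and the two IE command lines.
WPM_ROWS = [
    "| PID 2872 wrote to memory of 2800 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe "
    "| C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |",
]
COMMAND_LINES = [
    '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    'C:\\Users\\Admin\\AppData\\Local\\Temp\\88910cd3eeb8fc18d3229b3843f1fd11_JaffaCakes118.html',
    '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2',
]

# Network rows from behavioral1 and behavioral2 (subset copied from the report).
NET_ROWS = [
    "| US | 8.8.8.8:53 | www.trinbagokidscorner.org | udp |",
    "| US | 8.8.8.8:53 | coinhive.com | udp |",
    "| US | 104.21.57.186:443 | coinhive.com | tcp |",
    "| US | 104.21.57.186:443 | coinhive.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
    "| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |",
    "| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |",
    "| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |",
    "| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |",
    "| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |",
    "| NL | 23.62.61.97:443 | www.bing.com | tcp |",
]

# Assumption: analyst-maintained allowlist of browser/sandbox background traffic
# (matched by exact name or parent-domain suffix).
BACKGROUND = {"microsoft.com", "bing.com", "s-microsoft.com", "nelreports.net", "azureedge.net"}
# Assumption: analyst watchlist. Coinhive was an in-browser Monero mining service
# (shut down in 2019); a page loading it is a cryptojacking indicator.
WATCHLIST = {"coinhive.com": "Coinhive browser cryptomining service (shut down 2019)"}
WEB_PORTS = {80, 443}


def cells(row):
    """Split one pipe-delimited table row into stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def classify_write(row, command_lines):
    """Classify a 'PID A wrote to memory of B' signature row.

    Internet Explorer's frame process launches each tab process with
    SCODEF:<frame pid> and writes into it during startup; a write from
    iexplore.exe into an IEXPLORE.EXE whose SCODEF names the writer is
    that handshake, not code injection into a foreign process.
    """
    desc, _, src, dst = cells(row)
    m = re.match(r"PID (\d+) wrote to memory of (\d+)", desc)
    if not m:
        return "unparsed"
    src_pid = m.group(1)
    spawned_tab = any(f"SCODEF:{src_pid}" in cl for cl in command_lines)
    both_ie = all(p.lower().endswith("\\iexplore.exe") for p in (src, dst))
    return "ie-frame-to-tab" if (both_ie and spawned_tab) else "cross-process-write"


def _in(domain, names):
    """True if domain equals, or is a subdomain of, any name in names."""
    return any(domain == n or domain.endswith("." + n) for n in names)


def triage_network(rows):
    """Collapse the network table into connections, DNS-only names and findings."""
    conns = Counter()          # (domain, host, port, proto) -> number of rows
    queried = set()
    for row in rows:
        _, dest, domain, proto = cells(row)
        host, port = dest.rsplit(":", 1)
        port = int(port)
        if domain.endswith(".in-addr.arpa"):
            continue                   # sandbox reverse lookups, not page traffic
        if proto == "udp" and port == 53:
            queried.add(domain)        # a lookup is not yet a connection
            continue
        conns[(domain, host, port, proto)] += 1
    connected = {key[0] for key in conns}
    findings = []
    for (domain, host, port, proto), n in sorted(conns.items()):
        if domain in WATCHLIST:
            findings.append(f"{domain} ({host}:{port}, {n}x): {WATCHLIST[domain]}")
        elif proto == "tcp" and port not in WEB_PORTS:
            findings.append(f"{domain} ({host}:{port}): web host on a non-web port, verify the capture")
    return {
        "dns_only": sorted(d for d in queried if d not in connected),
        "page_traffic": [k for k in conns if not _in(k[0], BACKGROUND)],
        "findings": findings,
    }


if __name__ == "__main__":
    for row in WPM_ROWS:
        print(cells(row)[0], "->", classify_write(row, COMMAND_LINES))
    result = triage_network(NET_ROWS)
    print("queried but never connected:", result["dns_only"])
    print("non-background connections:", sorted({k[0] for k in result["page_traffic"]}))
    for finding in result["findings"]:
        print("FINDING:", finding)
```

With the rows above the script classifies the 2872 -> 2800 write as the IE frame/tab handshake, reports www.trinbagokidscorner.org as queried but never connected over TCP, flags coinhive.com as the one watchlist hit, and marks the two fonts.googleapis.com rows on ports 445 and 139 for a look at the raw capture, since a font CDN is not normally reached over SMB or NetBIOS ports.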