Analysis Overview
SHA256
f253c2558b960f94f6b3c6a77d7b2a242204427db6090cfbcd5bca58058d0b3f
Threat Level: No (potentially) malicious behavior was detected
For the file 8789df3ce0891894c694705b2055b5ea_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:50
Reported
2024-05-31 15:52
Platform
win7-20240220-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332488" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eede1d40f1f35f4798205a18778b23570000000002000000000010660000000100002000000006ec5489a092aaf41c9cd5b9d6d55018387d69532e7acbe049a6eb0f92cd4408000000000e800000000200002000000082a1127c4c992198d442970d8eaa81e2392a403a8cc3edae6da733e4bece593d200000002a8be816f0cd66b9cda6e3d3f5382a4c6530b575df7f64d45e4a69bd3f60c15c40000000007dd324edbe1bcbb9f2dac63244b7d9715db283c0d6f6401adda17ff2aef4e30f9e27333d087c2cbec147dd8a7d2152e057fce37c7c35b5e709ffa9a6798099 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5012a55072b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BEDCA11-1F65-11EF-92B8-52226696DE45} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2196 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2124 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8789df3ce0891894c694705b2055b5ea_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab33CF.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar34F0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | deeeaad7bc32204545d7e320f43e7222 |
| SHA1 | 5d0f9a00eda72a7db310badda5a8f83fd70e35ba |
| SHA256 | 0200b289f5c4526b42d4b62f8a169bb075eef0ccb35207ceb62962dc256fc1cd |
| SHA512 | eebe47c1d1d5a0d16b1774d3f1850ca718c8f17ca075a010696b046fdc6b90dafcb2affee360dfaacdc771d69f3fc0d3a1bdfe797d4f17d7a77f251355ce7290 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41eca0c35711388889af8e1446cab298 |
| SHA1 | 0449ab13910b6ee9d1fb00279e69e64aa978284f |
| SHA256 | e61f6f07bd88b58a7f3cb19d7c46acdc5e8a5d2220c2de51f30fe546e730d9b0 |
| SHA512 | bf8ec481e7db1d0a596f02422b7857cbe4b3ad35fdf7be5a2b0ad63c9613b982b75e49c687dffa8e12a212e0bca7d818af9e6633b1fd15932e98e2a7e41413ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 231185a5cba1b5255e113874c67978ae |
| SHA1 | 176f5ebccb3821a03d322af51296ec8f06f1a8a7 |
| SHA256 | 0610b6e1ce412ccabe618fb4cdc106b3951a042530c9e4061ba77e970b3970d8 |
| SHA512 | 31bb1aeec3ab69bdb2edadf2edc8f423f0415712a04c28034e4fefbfd969c00c233a9e9566ea97daf04f0810b10b7fa5c196b6d9deba22a7001447c7cad7912c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a9ec5b675b4008b7aadb415ed683b02 |
| SHA1 | 92a7e9d1431a841c130d0879ca9372f3a8013e72 |
| SHA256 | 1509222a42babf02f12533358ff891201db64622b5739b93a41b41be1b524d00 |
| SHA512 | 9f90b8f042d3936d61210623ffbdd99bb700897ab616436c277dc9256e6eb9b112f1707da156d18d54178e55808fdc62c7dd8c97bcd1e889887db114c3377658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fa6a534662861cd3e86acd7122f5ea6 |
| SHA1 | cf6e40f7dd6975aaeb881eadde3b05bcb714b291 |
| SHA256 | 7e6977efe168a810ddd5ef15bf6176531c758a8fcec6ef4aa749577e21854765 |
| SHA512 | 185350ef87e76513ca5f992b2662e87dd556a307d6306ea49ecab28abfbae1f754f87bf6d6a39bca5bfa8aa54cc8a8982b147587f0f10a151a793f4ed9d125cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1869714397152117fccb17e569a1a28b |
| SHA1 | 27dcec24c50277b4a8615ffcaddd56580e598945 |
| SHA256 | 81434922db0afc327eaac7764d25fd33e7dab2d145cccd7fb328d965d4fbc2bf |
| SHA512 | a5a27572f62c5b361e2d2a86db06de64a770d1f094967dfae35e98a7039158f3780a1a112cb46788370f9baadfabd645a57cfc6292cff7f4be326d94054c5d3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e15f5d4d13b0b67d64e413cb4f017d0 |
| SHA1 | cdee53f28973eac70b90666b54b58204de5f584c |
| SHA256 | 0597af3bebf5356341aac5256ff18b10784f0bf5f0b4396a4a809ae99db877b6 |
| SHA512 | 3f145ba5e225a25d232a21b5dc9c60176cae2fcd806af22a9eab97c312aa4fecbbc124a1f937dbd76eb39ad935d5f48ea0a0c5c6da25f3263fea5a4667e9b1e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 572e81535fc41432173f31aa4b2127b8 |
| SHA1 | 542c2034f07c24b79cdab512ebcb89dd1e061ef5 |
| SHA256 | 303879bca8b0f60a83208c499f30ee99555ce2994dc1861390d4f1360839b893 |
| SHA512 | b619a86585d07a957318beddbaad8fdb69ea4a5140465e123219e41f6e7d000bfde6d3e328c536e3a3601d6ca77b132a9693cd5f4d8adbade563ec498f27b20b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c791a842557cd8e9f5c335cb74869387 |
| SHA1 | 756601020f107a5894cfb2a52dca9cc074d2c6ce |
| SHA256 | 1e43fc974f0ebe95d982f21a740ab9ef13a00a20ff50702ba548685f4609486c |
| SHA512 | 23657a8208d8a272c4de970dd837b74811b9134847bcde099a3b94cf434955ac71e96099ea35cb567354de008e24d87cebb5f2ff0f0a941f5614ac6eb32ab4aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4af6b1b76170ce4476b71d50c6251e8c |
| SHA1 | 71b133b5dbb5477066fe46a0c4676f0b948b5736 |
| SHA256 | b3d770e2d7740036c1fa9ceff54baa4a856e3dcabedba294a3c5c439eebb9033 |
| SHA512 | 0cefbbb5776268c339ae31fb180e9457d7e924bb359653294eaa358853272dd9939a7f9f7e7e563698b1929aa0cd452266b69bf1d63052f912f54a65a0844d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6fc58288d7914f30ab4a86efb71d7dc |
| SHA1 | ad8eaae1a86c689c44e382514275b5960b6afee9 |
| SHA256 | 0a42c79b56562d94384bcc6688c5dd4575ba658eba395d506c24f04cbb4db4c0 |
| SHA512 | 35433c9cca8fef7d61a930e3f712ade2ed0cfd638f0154dd33a8e35a61d97014166695c4c5e0e78e52f0b4746bb3e7ff786e9b512d31313b2ae4889f924bc15a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 555ea41c2f9dc0dde2421c76d718dcec |
| SHA1 | 939939b419fa0567fcf0f8fa85ef672580dc28f1 |
| SHA256 | 006fc9dd231a3beda33f08dedad0591c2f063d502b5419421b06f3038ba68714 |
| SHA512 | 66749aba52ec9e4ee44f3fd4396ea1cb20f0c25b9488903e2e9c58aee6680c93075422c16c06bc4953b6a30e9ce28c1f2258b56702be858b8aee8e8434ed13d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e67b3d374bc8dff0f526fecdee5bce2 |
| SHA1 | f2f44fbe62e72e912efaa542c718a5001cc5234d |
| SHA256 | 165643cbf071ab1f11a9d80cc48b0f23ca3be3d8c2f41b2f348ccfcf6a41ae5e |
| SHA512 | c2e613ff616fee18ff499c4ca6c0a0df95dba79054f08fd2d5e8a435a70c3a7979898d3ee647d6f61e2c9a05b649bbc68c933a8f45d052d7605c047ad4405c3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a67e1de68da4690864a7ce7a7e27c3c |
| SHA1 | 2e0c6a99c981d7cb8c541343dc98e0c4e31ee1ea |
| SHA256 | 8505ef34627360fdfc0a9b238777e8db3f0034bf3adc3a4d6c909b5e8ef2c298 |
| SHA512 | 10459002a87a06063d55f68161cb510af12ede14d57e1d764a3e8798029285e349be151e488a5e07fa753ca6b708f33d516519208d7fc40c0fd725d377a9068b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee5269663cce1f9867c413fbc910e7e2 |
| SHA1 | 24bb2dabf224ed4839a1a1ace8b252c637ad4b14 |
| SHA256 | c2fe0a89e45af8685f658d99a365ef338cd88fcfec7b4ee1a174106162810da8 |
| SHA512 | 1a7f8491cba2a503bbfb89693d7c8da0d693eda490b4733e868fd75678ff344a845c807a5e90d06eee0021e2e47f9ecd7ca941c94b9e9cea8febc0c7fd6b2f1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c18588bdfc77b2a0966393ed7f3fd3eb |
| SHA1 | 81b3560dee60ec0316957a31575a75575592155e |
| SHA256 | f04f57cb40c79e4356f8e44fd0e9dbccd9f428e3e54b402bb74be553cba86e7f |
| SHA512 | 201e37199634685fc7717c942baf5157037d329d7d27edfa149acdd28d70eef07ceee3894e6165e9f0fff5f03d36390da713be2a65483d61a0a13c4d136c851c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a40e63063de124cd9798e489bc0397d |
| SHA1 | 97f65ce1749d020cf69c194de9faa9d44b235aa0 |
| SHA256 | b9bdb8eec8958596750bf24b5db8dc59b7147fa8f40e69545d421aedfce3380e |
| SHA512 | 0807fbf8a0bc02c199f96dd0ebf5e5742c009352db011d84da29307b3f0df522f67ead2938734381baac92b77f302e1706abe982e0697e8d489284cc92c9540b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc4469f6402b30d5791f6c9bb23857fb |
| SHA1 | e8e586caf530a188d34bcd8fc9fe8df2f9eb6905 |
| SHA256 | 994c2e2698ee43e6fa2b7f03a2ccab81bc94b635bffce784f1fca6f0b38667eb |
| SHA512 | 34433b89518e86819f4c8571b5ef36753dc85e1331ac876862b3584e7ede2543e5b4b2c2128b1955e617da334ec1626d482c52dd66e53fee2e7504e8646f4bf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5dde00655a8e02ab2f01c5b5a95b50a |
| SHA1 | d3af4cb7b146e91e2d6782b3b18fb73737446c64 |
| SHA256 | 3b394652a19414710e479a4c8bc33283baabf7441b225c8955153e05a4809f9c |
| SHA512 | e92ad80b1b43901a86f20bff5b81914f73fa14bfbf305338a589e94723f6c1d94e09ac0b8bf140bb75c0ea92cf17e0d2163af97b14697268d442113c8c49abd0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:50
Reported
2024-05-31 15:52
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
137s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8789df3ce0891894c694705b2055b5ea_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4312,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4208,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5436,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5424,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5432,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5684,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5916,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 76.76.21.93:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 76.76.21.123:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 123.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |