Analysis Overview
SHA256: b73d3c369ff03778d47c7c2ca410b3b9a13de94ff6eea5bbeac61a81e88493dc
Threat Level: No (potentially) malicious behavior was detected
The file 877c621d3b692873be2304f7630c1c36_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-05-31 15:30 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-05-31 15:30 |
| Reported | 2024-05-31 15:33 |
| Platform | win7-20240221-en |
| Max time kernel | 118s |
| Max time network | 127s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BACD4EC1-1F62-11EF-A293-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010c402ad9e36954ab016deea225629a1000000000200000000001066000000010000200000006ac5ce8ebd58e46929651078b7bd1bb5d7043d31580803fbbdd3bb1d93401bc6000000000e800000000200002000000040aa0752f4e4fbbff7f2f352d533cdb9c6629f20fa74a8ae4934948e9cbb1e5c900000002afd82cf1e81e9278c2b045d3b161dddd0748625e2ddb7a2e7ba336cc82162f3ca248f0ee5ed16364d4fceec7b24f34ac3fe3f3af228d76925fc144105553861ea30975fea94f66236602b206bbbd9935ee64ab9f72053792653b140a57b8d227261739ccb24c86d4cbf86107a9f7fda1c6bce069f7ab3db5b3ae86ff18fbf47fbc4e444aea9cfcddaa6c1b6d88b5ab1400000008bde1b9dfb469346b4b07441a8c3cb1e509abc69b7bcb40ca32c2babe6fc1c4056fc6a9879c63127eb80782bf7da4d92e1d08c22969476ab3b66e90d030d2655 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000010c402ad9e36954ab016deea225629a100000000020000000000106600000001000020000000bce2b8c931cdb28f5c76417bae64958e96472e71f2e7c1733602425e36a6840b000000000e80000000020000200000008cc627a924d431f04d8f70a130591ce0a803a055628cc3eeaddfbe0fbbb0056020000000395f450c4917faef5bc44b7c2a330cd49067c430a077f40afbae426cf66e72884000000011023d13b08800c8e4360ed2f61526916db2391769ff313b6886c73bd90f7477ed5923a9c1544ca3ab3c71c3bc9850a20d7746cc5d51fd1a33be2d8bc03057fc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c025517e6fb3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423331305" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2152 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2152 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\877c621d3b692873be2304f7630c1c36_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | burns-lost4tmz.world | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-05-31 15:30 |
| Reported | 2024-05-31 15:33 |
| Platform | win10v2004-20240226-en |
| Max time kernel | 142s |
| Max time network | 151s |
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\877c621d3b692873be2304f7630c1c36_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5704 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5728 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5852 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3992 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4332 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=1032 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5452 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4688 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5820 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5596 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5420 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
Network