Analysis Overview
SHA256
4a3c4e05d52215f22eb74223d8e3422e1e7d7b1f1ba648ee2a283cf595b70acc
Threat Level: No (potentially) malicious behavior was detected
The file 8b5bd9e5e1daf1cac245e2ae5ce9cfc3_JaffaCakes118 (an HTML document, opened with Internet Explorer on Windows 7 and with Microsoft Edge on Windows 10) was found to be: not malicious. No (potentially) malicious behavior was detected in either run.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 18:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 18:27
Reported
2024-06-01 18:29
Platform
win7-20240215-en
Max time kernel
117s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097ea7f05181de44f8c10036300defae8000000000200000000001066000000010000200000004495b3d88081ea1726367d8ba5323b7cfd3513a3401b0f8499a7cb520e87bad0000000000e80000000020000200000004277fcb354ad329042c564116082392933cc4a2a975ef73dbe5db541e9b4f20d2000000010507c1bbcd63e10e035c117aced54bfb3d5942fa1a0b09a9ecf85ea3c2044b8400000000775c68015a3b6f4b27abb18de4c9335ed26699feab254873487d75c6512e6d792d13b51f335f5914f8e56fc2ef3e811e6972c2759e785ba88ee829cdcc171d6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428309" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95B55A51-2044-11EF-A41C-62A1B34EBED1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097ea7f05181de44f8c10036300defae8000000000200000000001066000000010000200000009ef15e9b82b277b99c840a0ebe0b19d513983504235f4963b28a300af797b290000000000e8000000002000020000000f2fc343ab5d8e19e75f3273bcdef38b1be025707ac0e9b25e07ecfaa9d3a6daa900000004795f84d1b6f1bc1e1183c6910a496052db240f47146fecff8ec8ae6685fa064f340dbd44e4d28593ff35cefc12783371dcbec67ed1a8235fc31ebb8b9605bfbdcceac9cf4641e70c14219cf40ca3b3285fb533907687325739b586563152732834778375781997859a330d3afbc5dca8c7cd912f0bb03e1b2be53ee59811d84112d8937b9a7ee93e2e28907a699581c4000000089175124f67716b20ab6463d669ff55495fae544512d5aaffec9be036a092686559c7dbedc32aab2bfc63a7df0db8a2a9ba1e9563344b746a3cddcce2c085aab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50ea278451b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
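The binary values in the table above (the DPAPI-protected DecayDateQueue and MFV blobs, the FILETIME in LastProcessed and the WINDOWPLACEMENT structure in Window_Placement) can be decoded offline to confirm they are Internet Explorer's own housekeeping rather than attacker-supplied data. The script below is an added example, not part of the sandbox report: it walks the documented CryptProtectData blob layout over the hex copied from the rows above. The provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb is the constant every DPAPI blob carries; the master-key GUID, cipher and hash identifiers are read out of the blob itself.

```python
"""Decode the binary values Internet Explorer wrote under Software\\Microsoft\\Internet Explorer
in the behavioral1 run: two DPAPI blobs, one FILETIME and one WINDOWPLACEMENT.

Added example, not part of the sandbox report. Hex constants are copied from the report's
registry table. DPAPI layout (documented CryptProtectData output, all integers little-endian):
version, provider GUID, master-key version, master-key GUID, flags, length-prefixed
description, cipher ALG_ID + key bits, salt, HMAC key, hash ALG_ID + hash bits, HMAC,
ciphertext, signature.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

DPAPI_PROVIDER = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"    # constant in every DPAPI blob
ALG_NAMES = {0x6610: "CALG_AES_256", 0x660E: "CALG_AES_128", 0x6603: "CALG_3DES",
             0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}

# TabbedBrowsing\NewTabPage\DecayDateQueue, written here split at the structure boundaries.
DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb" "01000000" "97ea7f05181de44f8c10036300defae8"
    "00000000" "02000000" "0000" "10660000" "00010000"
    "20000000" "4495b3d88081ea1726367d8ba5323b7cfd3513a3401b0f8499a7cb520e87bad0"
    "00000000" "0e800000" "00020000"
    "20000000" "4277fcb354ad329042c564116082392933cc4a2a975ef73dbe5db541e9b4f20d"
    "20000000" "10507c1bbcd63e10e035c117aced54bfb3d5942fa1a0b09a9ecf85ea3c2044b8"
    "40000000" "0775c68015a3b6f4b27abb18de4c9335ed26699feab254873487d75c6512e6d7"
               "92d13b51f335f5914f8e56fc2ef3e811e6972c2759e785ba88ee829cdcc171d6")
# TabbedBrowsing\NewTabPage\MFV: same header fields, a 144-byte ciphertext.
MFV_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb" "01000000" "97ea7f05181de44f8c10036300defae8"
    "00000000" "02000000" "0000" "10660000" "00010000"
    "20000000" "9ef15e9b82b277b99c840a0ebe0b19d513983504235f4963b28a300af797b290"
    "00000000" "0e800000" "00020000"
    "20000000" "f2fc343ab5d8e19e75f3273bcdef38b1be025707ac0e9b25e07ecfaa9d3a6daa"
    "90000000" "4795f84d1b6f1bc1e1183c6910a496052db240f47146fecff8ec8ae6685fa064"
               "f340dbd44e4d28593ff35cefc12783371dcbec67ed1a8235fc31ebb8b9605bfb"
               "dcceac9cf4641e70c14219cf40ca3b3285fb533907687325739b586563152732"
               "834778375781997859a330d3afbc5dca8c7cd912f0bb03e1b2be53ee59811d84"
               "112d8937b9a7ee93e2e28907a699581c"
    "40000000" "89175124f67716b20ab6463d669ff55495fae544512d5aaffec9be036a092686"
               "559c7dbedc32aab2bfc63a7df0db8a2a9ba1e9563344b746a3cddcce2c085aab")
LAST_PROCESSED_HEX = "50ea278451b4da01"                     # TabbedBrowsing\NewTabPage\LastProcessed
WINDOW_PLACEMENT_HEX = ("2c000000" "02000000" "03000000" + "ffffffff" * 4     # Main\Window_Placement
                        + "24000000" "24000000" "aa040000" "89020000")


def parse_dpapi_blob(blob: bytes) -> dict:
    """Walk a CryptProtectData blob; return header fields, field sizes and leftover byte count."""
    pos = 0

    def u32() -> int:
        nonlocal pos
        (v,) = struct.unpack_from("<I", blob, pos)
        pos += 4
        return v

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("blob truncated")
        pos += n
        return blob[pos - n:pos]

    version, provider = u32(), str(uuid.UUID(bytes_le=take(16)))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    u32()                                                    # master-key version, always 1
    master_key = str(uuid.UUID(bytes_le=take(16)))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, crypt_bits = u32(), u32()
    salt, hmac_key = take(u32()), take(u32())
    alg_hash, hash_bits = u32(), u32()
    hmac, data, sign = take(u32()), take(u32()), take(u32())
    return {"provider": provider, "master_key": master_key, "flags": flags, "description": description,
            "cipher": ALG_NAMES.get(alg_crypt, hex(alg_crypt)), "cipher_bits": crypt_bits,
            "hash": ALG_NAMES.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt_len": len(salt), "hmac_key_len": len(hmac_key), "hmac_len": len(hmac),
            "data_len": len(data), "sign_len": len(sign),
            "trailing": len(blob) - pos}                     # 0 for a well-formed blob


def filetime_to_datetime(hexval: str) -> datetime:
    """FILETIME: 100 ns ticks since 1601-01-01 UTC, stored little-endian."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexval))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_window_placement(hexval: str) -> dict:
    """WINDOWPLACEMENT: length, flags, showCmd, two POINTs and one RECT (44 bytes)."""
    raw = bytes.fromhex(hexval)
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != len(raw):
        raise ValueError("length field disagrees with value size")
    return {"length": f[0], "flags": f[1], "showCmd": f[2], "ptMinPosition": f[3:5],
            "ptMaxPosition": f[5:7], "rcNormalPosition": f[7:11]}


if __name__ == "__main__":
    for name, hexval in (("DecayDateQueue", DECAY_DATE_QUEUE_HEX), ("MFV", MFV_HEX)):
        print(name, parse_dpapi_blob(bytes.fromhex(hexval)))
    print("LastProcessed", filetime_to_datetime(LAST_PROCESSED_HEX).isoformat())
    print("Window_Placement", parse_window_placement(WINDOW_PLACEMENT_HEX))
```

Both blobs are bound to the same per-user master key (057fea97-1d18-4fe4-8c10-036300defae8), use AES-256 with SHA-512 and parse with zero trailing bytes, which is how a blob that had been appended to or truncated would show up. The FILETIME decodes to 2024-06-01 18:28:36 UTC, inside the reported detonation window (submitted 18:27, reported 18:29), and the WINDOWPLACEMENT records a maximised window (showCmd 3), all consistent with a browser session rather than a payload hidden in the registry.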
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2204 wrote to memory of 1204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 1204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 1204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2204 wrote to memory of 1204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5bd9e5e1daf1cac245e2ae5ce9cfc3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
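The WriteProcessMemory rows above show the 64-bit iexplore.exe frame process (PID 2204) writing into the 32-bit IEXPLORE.EXE content process, whose command line carries SCODEF:2204, the writer's own PID; the IE frame process spawns and initialises its tab processes this way, which is what the sandbox records as a WriteProcessMemory signature. The check below distinguishes that case from a write into an unrelated process. It is an added example, not part of the report: the process list is reconstructed from the Processes section, and giving the x86 child PID 1204 (the target PID in the rows above) is an assumption, because the report prints no PIDs beside its process list.

```python
"""Explain a sandbox "WriteProcessMemory" hit: a browser broker writing into its own
sandboxed child, or a write into an unrelated process.

Added example, not part of the sandbox report. PIDs 2204 and 1204 are the writer/target
pair from the report's WriteProcessMemory rows; the child's SCODEF:2204 argument names the
writer as its frame process. Assigning PID 1204 to the x86 IEXPLORE.EXE entry is an
assumption: the report's process list carries no PIDs.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


# Reconstructed from the behavioral1 Processes section (PIDs as noted above).
PROCESSES = [
    Process(2204, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\8b5bd9e5e1daf1cac245e2ae5ce9cfc3_JaffaCakes118.html"),
    Process(1204, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2'),
]
# (writer PID, target PID) as listed under "Suspicious use of WriteProcessMemory".
WPM_EVENTS = [(2204, 1204)] * 4

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
BROWSER_IMAGES = {"iexplore.exe", "msedge.exe"}


def image_name(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def explain_wpm(writer: Process, target: Process) -> str:
    """Classify one write. Verdicts, from most to least benign:
    broker-to-own-child: IE frame process (writer) initialising a tab process whose
        SCODEF argument is the writer's PID; expected for every IE tab.
    browser-to-browser: same product on both sides but no parent link proven; inspect.
    cross-process: the writer touches a foreign process; treat as candidate injection.
    """
    w, t = image_name(writer.image), image_name(target.image)
    match = SCODEF_RE.search(target.cmdline)
    if w == t == "iexplore.exe" and match and int(match.group(1)) == writer.pid:
        return "broker-to-own-child"
    if w in BROWSER_IMAGES and t in BROWSER_IMAGES:
        return "browser-to-browser"
    return "cross-process"


def triage(processes: list[Process], events: list[tuple[int, int]]) -> dict[tuple[int, int], str]:
    """Map every (writer, target) pair in the report to a verdict."""
    by_pid = {p.pid: p for p in processes}
    verdicts = {}
    for writer_pid, target_pid in events:
        if writer_pid in by_pid and target_pid in by_pid:
            verdicts[(writer_pid, target_pid)] = explain_wpm(by_pid[writer_pid], by_pid[target_pid])
        else:
            verdicts[(writer_pid, target_pid)] = "unknown-process"   # PID missing from the process list
    return verdicts


if __name__ == "__main__":
    for pair, verdict in triage(PROCESSES, WPM_EVENTS).items():
        print(f"PID {pair[0]} -> PID {pair[1]}: {verdict}")
```

The verdict only explains the process relationship; it does not prove the write was harmless. A broker-to-own-child result on an IE run is the expected baseline, so the signature should be weighted accordingly, whereas a cross-process result against the same rows would be the point to pull the memory dump of the target.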
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.234:80 | js.users.51.la | tcp |
| US | 163.181.154.234:80 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | s11.cnzz.com | udp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCEE5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\CabCFD2.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCFE7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b792ffb4564d9d8a67231c1b4f4c5ce |
| SHA1 | 63794046a3ed6b0c10c4345c8760e916d9909c1d |
| SHA256 | f574bfc8b6948b7787fd63457882b244ba170a3579fad888eaa7b0f1edb1822d |
| SHA512 | be9bf44eadba8252ac1e16b5b3e7387fe168d39c2b103da086da7dff27c3c403a43b71a2cde8f492ada91c3f71e388566fe53edd6e7f581c76e2de9bb924a7fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 124b2c4ece251287f6fff1b27598f1b8 |
| SHA1 | 3e681fd5ccc5c32b1d419bf28f6e49d97a4b993b |
| SHA256 | ca605fec8fa0691473d10b0611787f6d26488e75a41b29a54525ef068f35c8ec |
| SHA512 | 447550b5eaf45a9743ac0fda50bed4940a0653e7501579d40f2488992dee0f224a265655f7720a4d65f90de211c00a0f8a6a7df80315fdf90fe848e09e575159 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af3356d6565de3fbe8aeb28c92409731 |
| SHA1 | 5d819ff839748139fa85781447560cf876f9a3bc |
| SHA256 | a0aff5ee32e51bd45f21790d6d8df3033a7f99ea5202b899ae4fb49f61c3e2b5 |
| SHA512 | a3894bd544ed7fa39b5ddb7fd2c50ef4894b65356ac727033fe894472886d60d43e76f457b9b4d8d295eb7e8d324b19f6502822dadf65927d5a460429e23d773 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ddf53eb9dce83378d2b89942b2f2143 |
| SHA1 | dfa431c35c293df0f6e5c1323958ae103964682c |
| SHA256 | 6a22e6cf6838c93a4452cf420dafb506b2bae4f8340d729874166d345fb20a13 |
| SHA512 | e82b5d692933c27471750f7ab8c1e8e04f50404c11792e82c1248d08b0a9d3aa7ddc64d35173c8a0580242c880cc11465e68b76a4db72f67ee56fed06cc080a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a0e989ac3a30da2fc8eb6bb4e2cbb9a |
| SHA1 | 62639af209418bc015385abf6d02cc796c153013 |
| SHA256 | c926e752d5f2afca3e304fe2069d5cd655112c5bd16d3911e38341f5bebc3845 |
| SHA512 | 1e3b672acd31d697059487fafc7dcd8561eaa7c63aaf7a836091ba041cd376e12cb386ebede5d1f8443ff12c498ed15382176f4513da3b80eafb0003eb1d9d7e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d38ebe72d762eeb356dd026d5014202d |
| SHA1 | faa7e2b14692df2505e619ee3e64f67d4d1c9823 |
| SHA256 | d35be54353110d3f44b995fd6757d1c076bdbe7d4d127b624174e3858d900817 |
| SHA512 | 3b8b3e6bf3779c8eab09cf1eaf87bebeb3b0dff83f6b6d944d1dcda919ba7edb8696fbee67fac8d03cce7325dd9805aab609171a171e7818764133d1d9150017 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 595da3ce3f2fe427e073d3d703dfa8e5 |
| SHA1 | 3759c5749c2735bb229c7cc67ac6fb1ee8a12201 |
| SHA256 | aead5790cad1a3f21a100ebf56e84fbffa46bd8dc4bcefffd0c6c70d7ee29a69 |
| SHA512 | 79a9b16a709d29d40e88625960f9401c7cc6b99a653d6ea3b94e1e17910bd4ee2d5cb12f5df97af537a24a8330c6af29c054510f3f3399374215425400cf7988 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ea24c963b695316bd5e03637bec014a |
| SHA1 | 25a596947b9e936b594da85f34f644a68404b8b1 |
| SHA256 | 92a7ea476b176e5de37d8e7e74ca3990213f3add4267074f3a01c59fb077e157 |
| SHA512 | 872c28bdc7dac00dd91640d9be8bd259a53bceacbb219d35151d8f45d9b548bd2517c751a9abc264d206517cd2e53150194acd57db6c1024a7409c8075a82554 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 859400f7e023e6314474524d038a50ad |
| SHA1 | 0c70c527977c75e56abc302b1e0085a2b2798ce8 |
| SHA256 | c837a8890fde69bb97e1b9aca249df226299124f1730c11880ad37b8337955b9 |
| SHA512 | 4c5e5e1b60c548c19b6f3c144b73c2e44cbd703ed387c0ad0cb4d77ba56af95043132a2f8a8e6b8fa1f8d92b42855a9ada80740241c41cfaee40182a3782d08d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 606851a96cd3880783bfefd706fac927 |
| SHA1 | 8493c8041e6eaf177ba9768183560ec791b88fd3 |
| SHA256 | 831cbb4e0badb7dd2f994d035b3093e227f5da42d9408e424857687e7112a246 |
| SHA512 | 62d974f6eb08d4ad0b487611fed3188277680222cc30dfea01d241f981c0a7e8213c2fe4d8a324ac7a191c4c4f84be3e7f4a665ad0d9306dd04dd2b0c93d3037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31c64ccc0f54ec2197e87bfe932a2ceb |
| SHA1 | c98d598804614bf28c4781fef4d94b8609e696a8 |
| SHA256 | 33a99d3de7f270f8677ef4ca4bb918bde9c0623147fa0eeabb98fcb10da19f32 |
| SHA512 | 5ff43783f26eb98066b92a6e48b26cfc4bd882add7285578d148308d686bd4abef94ed796749ebb277ef13bb213659c3539a8d7c14d2ed538e4159bd6f910d97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e05f7fd99a28eaba78dbc69e88cb03a9 |
| SHA1 | fca2e79c6c97b6444ef0c8052b52c8387666489d |
| SHA256 | fb7d5fce7e708db12ddc4efed8f391d6a2fa26b8a28a1e9f10c457a43226bece |
| SHA512 | 743fcf13b0cd02644b9fd3820783e602fce97efb39cb3f0a29e15f3c56197ea533a88ab18d54a1e44ab1b62ef6e2b7f06e1e70776912e344d96a6ba58d3612c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d8e2276c3475ec7fd8cd0dc4da57e49 |
| SHA1 | 43c60b64b8f4120e9f7fbd59e031c02fca5d1b5f |
| SHA256 | cfe2f0900160b1dd54b7e8d2eac11d90a78410a7a0afa412adb8ab2191479f75 |
| SHA512 | ce11d0e95c59c4f10d6752c95fe74139a4b40c9e29769302c709cc59053aab8117b18831d9dfeca8438f90a2f35435e4931cc41038f2f0e9adfe020813d9389c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccadcfb3f2c6090d531737eadee4ae13 |
| SHA1 | ade7925e7c23097b9f0571f4b689e1a2d3fdfff6 |
| SHA256 | 799f108ecfc3989a45c481515653d2aa30eb35228a3f79a742456af545c0a019 |
| SHA512 | 35ea0ba91564e0767fb08715b4f75a96ec255e2669292dcabb9c3ef86cc15d190c8027aea3b59e6099a97ce6786751b4eb7767461a68a764720a6a59a8ff678a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18828e3cf2fe8cc99e8d92d2f694561f |
| SHA1 | 424a0f67bcbf5996c0dc7f4800b6af57c8de8c4f |
| SHA256 | 260af666e9d0f90ba64808aee45bfa041dc7f100be023c321ead2e40b15c4f93 |
| SHA512 | 290f12d9027234066239f9297ad32543e0bfe99c60a38fb24d5ef952db501f1f39a69c266685474e35d11c4c45a369b2b7e55aeff5e51008d645078a6aefa83d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9675c48960914e25aed2b15922aeb60 |
| SHA1 | 54291e4de66915f933bdcbed6dea0b3aad60bb0c |
| SHA256 | 4c7a40405497ecd9d8aeb554e919008ff01d8bcee9c91da5708254c3700399bf |
| SHA512 | 453d9dd15b2468c4d8039dc6c6649c212680fe69e45a9f3a0ad1becfc1017fbc301d7ab5e034fae3ea5af8f387119838d21c616aaaf783a8d2a0272d387054b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84241cc6ef4caf09f53eb6fa363a3229 |
| SHA1 | 61c5fd974eee38007d70c2f348f877663c666e64 |
| SHA256 | 4bc81f068cccff902b5b04d6e9940d8da38a7b57451cdcb02ec98d9d39d4def6 |
| SHA512 | 1ce5b400ae60d76f758d379afe8e3adc0c537e5b8c29d0d84b01783b698eaefc77c87eca3b086e87fd65306f508be1d08b1a44d09f7d9a70cb1d9f5152889394 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f43482e8d0edda4198beb76537cc8de |
| SHA1 | d00addfbd45d4d0df61c2f47b7648a00c3e3bedf |
| SHA256 | caafba03b0b6d63def3d38ff408e0f3280ba47c22a968b09564b8039b2ee2931 |
| SHA512 | 2d2abefc31d6f90d744cdf28a1bc52e152a1fb661eb06ea4c102d8c1a3b4d171c7f5ee2345a967c8467f1905f80bea764f536c7871b938a85c996a01f57b00b7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 18:27
Reported
2024-06-01 18:29
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5bd9e5e1daf1cac245e2ae5ce9cfc3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5396 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5432 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4820 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=560 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1404 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 163.181.154.235:80 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | s11.cnzz.com | udp |
| US | 8.8.8.8:53 | s11.cnzz.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.226:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| GB | 104.166.160.228:445 | ia.51.la | tcp |
| GB | 104.166.160.229:445 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 73.239.69.13.in-addr.arpa | udp |
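Triage of the two Network tables (behavioral1 and behavioral2), as an added example that is not part of the report. It separates DNS queries from TCP connections, lists domains that were only resolved and never connected to, flags TCP connections on non-HTTP ports (the ia.51.la rows on port 445, the SMB port, opened from a browser run), sets aside the reverse lookups, and normalises the report's shifted rows whose domain column is empty. ROWS is a subset copied from the tables; the BACKGROUND suffix list (Microsoft browser and telemetry hosts) is an assumption to tune per environment, and nothing here establishes what the page intended.

```python
"""Triage the Network tables of the behavioral1 and behavioral2 runs.

Added example, not part of the sandbox report. ROWS is a subset copied from the report's
two Network tables, including two of its shifted rows (protocol in the domain column,
empty last cell). BACKGROUND is an assumption: hosts the browser and sandbox contact on
their own, not because of the analysed page.
"""
from collections import defaultdict

ROWS = """
| US | 8.8.8.8:53 | www.dr5aqouvla.com | udp |
| US | 8.8.8.8:53 | bbs.paopaoleg.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.234:80 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | s11.cnzz.com | udp |
| CN | 220.185.168.234:80 | s11.cnzz.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.226:445 | ia.51.la | tcp |
| GB | 104.166.160.228:445 | ia.51.la | tcp |
| GB | 96.16.110.114:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
"""

BACKGROUND = ("microsoft.com", "bing.com", "nelreports.net", "azureedge.net", "s-microsoft.com")
WEB_PORTS = {80, 443}


def is_background(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND)


def parse_rows(table: str) -> list[dict]:
    """Turn '| CC | ip:port | domain | proto |' rows into dicts; repair shifted rows."""
    events = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if not proto and domain in ("tcp", "udp"):      # domain column missing in the report
            proto, domain = domain, ""
        ip, port = dest.rsplit(":", 1)
        events.append({"country": country, "ip": ip, "port": int(port),
                       "domain": domain or None, "proto": proto})
    return events


def triage(events: list[dict]) -> dict:
    queried = {e["domain"] for e in events if e["proto"] == "udp" and e["port"] == 53 and e["domain"]}
    connected: dict = defaultdict(set)                  # domain -> {(ip, port)}
    for e in events:
        if e["proto"] == "tcp":
            connected[e["domain"]].add((e["ip"], e["port"]))
    forward = {d for d in queried if not d.endswith(".in-addr.arpa")}
    return {
        # resolved but never connected to: blocked, NXDOMAIN or unused; confirm in the pcap
        "dns_only": sorted(forward - set(connected)),
        # TCP to anything other than 80/443 from a browser run deserves a look
        "non_web_ports": sorted((d, ip, p) for d, conns in connected.items() if d
                                for ip, p in conns if p not in WEB_PORTS),
        # hosts the page itself pulled in (everything not on the BACKGROUND list)
        "page_driven": sorted(d for d in connected if d and not is_background(d)),
        # connections the report could not tie to a name
        "no_domain": sorted((e["ip"], e["port"]) for e in events if e["domain"] is None),
        # reverse lookups issued for peers already seen
        "reverse_lookups": sorted(queried - forward),
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(ROWS)).items():
        print(f"{key}:")
        for item in value:
            print("   ", item)
```

Run against the full tables, the same split tells the analyst what to pull from the capture next: the port 445 sessions to ia.51.la (what was sent on them), and the www.dr5aqouvla.com and bbs.paopaoleg.com lookups that never turned into a connection.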