Analysis Overview
SHA256
5c84424fbf176989153ed87e987d604800791842359bb0b67b8ef3d47086775d
Threat Level: No (potentially) malicious behavior was detected
The file 8face2356babd486c12c55ebe63f002f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 22:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 22:36
Reported
2024-06-02 22:39
Platform
win7-20240221-en
Max time kernel
122s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bd84623db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D454A51-2130-11EF-BAF4-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b76345a4ac84e47bbf1e2723745993d000000000200000000001066000000010000200000008a888368ba5c79fbfa0c630556f68517df77d452c9f6acb6013a53f68140e3c0000000000e80000000020000200000004a644098efa5f22bc619259103d6ad5b1342a681f10135707d10c5a5b275e3ad20000000ff8a2141b34c43722ef7f810128e650a86ed93a2860e86db0d9313961915cdf2400000008c068d20a41a2010a2726e576004a1ff6ab7feeef017cacbff47472a67983b991a897bd01605db430776106f07018105a996765bc1a478b341181304b74d130b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529656" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2868 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 104.21.11.155:80 | saltworld.net | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 104.21.11.155:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab282B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar282E.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0fe896c1fe25eb524a8b49a572503f14 |
| SHA1 | 244f5ac2e4e56bd4a924814ce4ac3ae4f900f94c |
| SHA256 | 057d3ab57e61cf3b84e64d0ed324b5ab2a29b4ad2e81a107a17bb24222474e1f |
| SHA512 | 718286f53e834eaf6ba5f844980aa1695f8477262d49dee7279241c466dc118328f1e5979ffc09e76fb52a81a0d5cf1f8a96020f6ecf861c057ef0d487f366f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\Local\Temp\Cab291D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2930.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b52b14b81115a20e061ffa35680490d |
| SHA1 | 018c52b74ca9f24fe363c650b5b912017ce687fd |
| SHA256 | c90ad4e2fd5e43403e1f932dc0301a41806ef0a35163b5ab4d16208f250f854a |
| SHA512 | de6d51b376206bebc2abab9dec6e752cfbe9ce71bda408727f6feb1453c0591123e572a1220a93375f6114afb23dbf12e985fed7f59c9bdeadaf9316f41e7300 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff4a5811f2b27ffa4c81ebe704cbf728 |
| SHA1 | 227a4652762e13045303303f919605e96e37b952 |
| SHA256 | c1dc8f2bd18bcbaa240cf89434faeb06f8875acff689d37290efc47e8854d6f5 |
| SHA512 | f73948ab426d5e8f9479a516d6c3993645ff9b0bc8e5ffafabad4f641c02f31ae68f9ca59cfefb666b941042ab085c2c802316038729642a6a9534cd49f99851 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 909ff5143e50dd5b738ad8186119e12a |
| SHA1 | 4461e3d32a6d1b596cf80d7ff4e1c395bfc1cc4b |
| SHA256 | 80465b676e10ffb84753ed19d4d0fcd946a1de5dafa045c9bc95b9cafda9cb31 |
| SHA512 | e4904cee903a773f50ef02e488f39ba6925be69da9282cb34f85c08fc1536a42a081691ec0203284a530b26c8fc058941a3ea5c79e1023ef927ddab5a8505be1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4b68023b95d2cd2890dedf7ade7a7d6 |
| SHA1 | cdc9b81584a4f62bacdef3aa1951ed52fc4312d1 |
| SHA256 | e1c4478709f512a03c3d85d24009701469c36d162934a10afdaa2d9f2cd66e7a |
| SHA512 | 38c42ca3571f2b3a48927abb62a8ce84b28843ea3122d69da8bac81b5c02652aa2c30a045efb7b71ff9bc30caed88578cea13a1a007623f1371d7bc564fa58d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5291d57288f94632b7f9d1a32883ab48 |
| SHA1 | 7f5293a6982de229a5ab40016cc51649a5a82bbb |
| SHA256 | 0ec11fffbc4848a91392abff5f404ef7192d7f52de495cc274b82ddff1eed70e |
| SHA512 | bb547813ba70320c47c27f2285074221fb664512d7be26babd1daf31391906b6c989256cd5054d65c288a2dc98f48ad44dc9577368a26536fd9b5df92302d9db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 296ac2ccb612ef048a77771e197bc70b |
| SHA1 | 231a8a726f54c68c00b64be26b585458c89e20ea |
| SHA256 | 764378eb132969c209759e97433b21fe73167f9b99e9881357d36142f02dbd2b |
| SHA512 | c53f83cdba895bf4db36ac843e8be1394aa78bba4fcf189a81c488d103219578148c7e8006462f74508ad0ab0c841491b32402b534c68bc06f849c40ffb150aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1856f6ee3f5f9f9b07168fbe05855341 |
| SHA1 | bb673f6e08bca16f6de568627a8b3807a204d54b |
| SHA256 | abb8283cb4773ec6be57a1ec7888443774dd619f85e1a0e67e865c191d433907 |
| SHA512 | d2e19104d0042ba9b19dfaa8a0bdb81092f98e3e0e5fd91d788eda42aea481e8cb7e368d73e3099a7e312471ed6188afdfd07da1ce002f7857ade8eafb03a24b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5feedf381cec5d1a05841bd71ad978e |
| SHA1 | 941ea81a9f56d74b6e48f90abaaeceba408ca3c7 |
| SHA256 | 6d51ea7eccc1783aef7ee90a75dfb668e768ba51b641a433359e6e63ca006d18 |
| SHA512 | 080e461061aa5859313f197a1878a26162b57c2c0c54d78529ffecf18a7272e5d67d341e56d8fdf39e07d69ff886010197f466f361dfbeb8ca091efe06e93c58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecc3d42bb5e781a6e0bf8167940bc1e3 |
| SHA1 | 6b684b666665d3f5b1868805ea69a762aa14a84d |
| SHA256 | 1e196e7b0b931a1b8f48cc26d79b4df64d3567ae1af05e6657fea2ba77d82556 |
| SHA512 | f7d0eb8953fabdad729ffcd3066be17d64fc9b20339917f34f50f707e3b6da86e3e4b393d3266a12584caeff4040aa2894709ed271f8210814483301bca5ea71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87816e625bf1ea875565072de6251bd1 |
| SHA1 | 1c82f7edfc0026926761c9fc09feecd2facfd227 |
| SHA256 | 07d7d6f9cf27f99180d0116cfa4085a99aaeadbf4b01a747be425f70d2fbba52 |
| SHA512 | 5b389d5f52fa362b4fc9176c461fd3179dbcecdb049045f2a9dcf7e51eb8ba8bd6d49a9732ef41f7e9a0d55de9de9b5dfc1484893da98d7b1c75a938b67b9f03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3490ae05eb90977bb2123486a6240225 |
| SHA1 | 678be8590959c1b5a49fd7983a6d7d2670370a6b |
| SHA256 | 85c4378b8733d874e2706e4c2fcc9a964b80b4b7f78134d28217e11cf7166b98 |
| SHA512 | 582df26ccdfc1f8fec499d6594f5c03ee4f2c0226bda1bf022f2fbddce1172efbcb0c029fb293eb2be308c0ab0f3d4fee19204a43ea6f21e39dc7928ae07df6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0427fd19b699c7bec3eb5c7319460d1 |
| SHA1 | a69eba6461d181460f1efff81f7c558d9afe50f3 |
| SHA256 | 5f6f93b42cd8095ed49b7f650ac48bd49e60f43624e6accae4137e1305303d48 |
| SHA512 | 59192fee34489e424d84822eb4b515a6f5bac146b9dd0f6ba0120bd6df8d5aa366b1c769c5ffe744dacd09313846a1a76292047135d6163dd2ea5cb48c3850b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd5770b0b796f720bd0652597faf43f5 |
| SHA1 | f9397dd2b69baea122cf8b6311e2f27a97771f1f |
| SHA256 | 12a1d4c6dfb998f4f6b1bce5b9a8b878baa2eb603aaa004b7e16f6c0ebaf0a61 |
| SHA512 | 751b9be7b59997cd543131f6971fb815293d7108e952ce8290a78a1a7687ea88b679d43ff98e0ee257c31413bc791f09b07e35779fc8040306b2f2c189ab537c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ac98768b41e1fba238b3813c5af5d113 |
| SHA1 | e7537d5d0988fcc7af885a73d99d73b17f38632f |
| SHA256 | f7a505b37a57b548b89af5de0ec4e7ac852512382afc67279695e30520e57805 |
| SHA512 | a0b093e6f70c765494af8d0d04fc52b38f0234b8d48b47da7554e8e0fc5cee715ed97e1c166f9bdc18f7c0d30a9e218f6463ae93e5d77b5e7065f1fdeb029dbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ad834f9eb8b520e1593af6be057b6ba |
| SHA1 | 34a030c1675721979bd9c3c7a64ce8a40a3625b1 |
| SHA256 | b9860b1b81c7934671c9cdc1ab39fe5e82a504f3095a6544e0e35788e93d18bc |
| SHA512 | da854c3338565c144ebfb27d16e926551ed6873408144f2b4fb0413626ec6aa53be52f678196f347bc8ea55c9e6920cb6c864f6b517e3dcec0260261224907b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da64c650fa2944c0e17e11a623fd1b5f |
| SHA1 | a96a3fb8ecd49c42512bf3d475bcd35a2283bcc9 |
| SHA256 | f50965011172bbb597dca5bcfc747299a1779bd301cefd7873437613e3e68b8e |
| SHA512 | a49ab9343dd36630625e6def31c07a3f4f3d7b7724d65782fb8649ca49567718b5c0863ea6030b1a2c72cec8c517b9634c276a61e779fc296a6f2b0cd7754d9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04682ef1946f2e4983cf24c59cd7b46e |
| SHA1 | dd5ae3e11f5d618309164ddd9356c3d29188e5a3 |
| SHA256 | 9d2c58a670d3c202a9025e1a12f6877d347ee944ec67b8a8a7c5ce1936a54821 |
| SHA512 | c926fb1df0b19cdcf240f584d8451cdd676ca1a5f4be3c8d90a41d4fb3ba29a852a74d1e8d8bc2c9c9d4bb1233141705d0528731d1f55b8583a65307518c8d6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dfbb862f9a693f1c507a48f535c1084 |
| SHA1 | c081d18bcc9227b9757ad10879244fcf2f67992c |
| SHA256 | 701da131235208a42412fa3d705c7afe09d9864c334608e8da2d7efe07dff83c |
| SHA512 | 0e0ddd6e5157f1ff47b8b5a698c280194de83381f38ca339d36731f93fba35d73384ccca37e99f5b4bfbf1882ef6a60771e43fdecaeb820d1b0e69fbf825fb89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 14047ef45a913023827fd57dc6e2a541 |
| SHA1 | 0245905009f26d705c365e8564b44a5e83042c21 |
| SHA256 | 7c69f18d696f8de933669ca818e1b6e18d957f20a5fb3cc5732a296d0b28a6bd |
| SHA512 | 01b036065ba449f4a4e17ef1de2a8429b9c613e89d322ff68a18cc94a38a8a620ae077f70981f7b48282a40c2c27961bcbc08510163fe63c86bb4566b8a922cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 759ceb5b081f7db831b92bea985f4289 |
| SHA1 | 103fc82e87d3991d2be4f6edffeae8e70efd83c5 |
| SHA256 | 202db7d268a89e98dfdd4b41bbcd25c06b6f85f3034a27c3daf977d4632bf0be |
| SHA512 | d5dcbdbede714f9eeb4f70156c9b5369ac26190aff691a170d32f29e6fadbb712357941f9b730ddadba19420c7a9a6ef7ce4e10070534ae7213528aea148fa77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f465fd567299fe3140d3c2354eefdacf |
| SHA1 | 4482d763024c5e2a1fdce9a50e9c6d0f220d098c |
| SHA256 | c0fe47c80266b072000e5f4ae625f2ab53f84dbf95c6e0bd7bb400e9da08d682 |
| SHA512 | 455910eab55521bba10253834e61768b5987b8e403951036e71140da5b8fe1cba093e8feda1843cb1a1eed34a0d0a74bdd259027e85a4faec7ed02d6548d8e9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c86f42a47701d0e4a7647f63494039c6 |
| SHA1 | 69cf5269d5c38eba42b5cf4a669728e6948b73d6 |
| SHA256 | 8d6aa671651f37538a01149f50a126d9435fbcb368fa45e33cceb7494cfe7522 |
| SHA512 | 515315e2fe239cbc927928b89bf47accc02c6cb4748bdac303a121453966b33299d04c9a91323de18a2dbfc679fd94da7ad9e408095f8a9511bd09293aa6d6d6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 22:36
Reported
2024-06-02 22:39
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4044 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4844 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5552 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3848 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | udp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 104.21.65.85:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | 97.166.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.20:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 13.107.253.64:443 | | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |