Analysis Overview
SHA256
74902001c62f07ee070cbebce0428fecd18c31b0bcea9678d42eab37780fd18e
Threat Level: No (potentially) malicious behavior was detected
The file 8fd8ba54df921f166c59ec439087a960_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:43
Reported
2024-06-02 23:46
Platform
win7-20240220-en
Max time kernel
134s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000030cf21f66d8cd546ad1344324cd670ff000000000200000000001066000000010000200000003e4cf035665bb7c25508dae67b8b07d66d40edc995a7526daa792bfcd47f3e75000000000e80000000020000200000007577192e9ca5f776e6b0a66793811ce8a5ddd4d7f808de2e7f83953000033ae9200000005eeb0de8d949f7104e6c0d008604c9527bfb69777e92fd3c658b8ad03ed462f8400000009021677d628e6552d6f756f7ff74b0d11f76f30417201300c22af2f06dba363c442df400d22502824404794436d2708b6e2a499370c66bbed403a63b80015840 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F8DCEF81-2139-11EF-9680-DA96D1126947} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0761ace46b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533702" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2252 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2252 wrote to memory of 2556 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | urbanislandz.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.allkeyshop.com | udp |
| US | 8.8.8.8:53 | megagames.com | udp |
| US | 172.66.40.123:443 | urbanislandz.com | tcp |
| US | 68.168.100.199:443 | megagames.com | tcp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | tcp |
| GB | 172.217.169.74:443 | ajax.googleapis.com | tcp |
| US | 172.66.40.123:443 | urbanislandz.com | tcp |
| US | 68.168.100.199:443 | megagames.com | tcp |
| FR | 176.31.53.220:443 | www.allkeyshop.com | tcp |
| FR | 176.31.53.220:443 | www.allkeyshop.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.152:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Tar2B79.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab2B76.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2C97.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f69efdb4c1d15848512a1aa1d40a7d56 |
| SHA1 | d25f6a5c20222c792bba66a6195c213525acd007 |
| SHA256 | 162b79fbae4fd2519056e0865e111553765317adbaa53f9339718c2597173e9f |
| SHA512 | b299a2b6c41216e9ebbd5b8f5ba29ea088341c6c162a4a39659ea1a36c6be61f9520e9422323dcd077da7b6d1014b9492b3d00e29ba6c6d8751684b55497f1b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9df5a5cf6a76b5fb4265a378520c5dd |
| SHA1 | 2aac81605309001f25d79fc79d8731d802d2d2fc |
| SHA256 | e40f77ed9f80eb5e05d3a242b71d7f77ba2bfb5d5a3b7fd23fa5d17aa795965d |
| SHA512 | 574e826d1301b7e3546b038927d29ff50bc388fd2ef3c801fd9c0af5fb6cb388874238ab044e80045503ce2ab93c4109a8a92f0ede8349318c049750c65b70a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 941c878d1dffb6f580a39a6bf4f7c776 |
| SHA1 | 587dd75f1c838791b6cf4cdbf1062c82822924d5 |
| SHA256 | 9998c89b86a40953884d2324bd6a1db5df04dac98d00ff7030198fd6c9cd4e51 |
| SHA512 | a27042aae25910034f981a909b9c856fd873fe7f361890a3d7e5eb0ac279e4b8a0ce7aaeb365671a09c699913c040e3a1ac496c4b44e3a74a43ccee747fc8ba2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b31ed43e5b7a0930e8622ced6cce1539 |
| SHA1 | 35f43feffac05976abb2aa9c846aa428267b4706 |
| SHA256 | 88e8c932dda388ffad75a971643143425a7828b540a7448c03cb1add3a852a15 |
| SHA512 | ae9a68ee0797a312b1d7f0c0e7881d83644190abe82dcd4e0729af5153940a2f1a4d5d99d0cb5c152de6a7ec32ea1509bd99d24ec067a385093e367381679d9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3a71f9d204011f8254795ab942520ff |
| SHA1 | 283f740c27aa00549629968d69189a09677a31cb |
| SHA256 | fc0357938eceb8d3b33ffd42cfadb9d6fc93ec93ce6ff90039578ba27d3b9d3b |
| SHA512 | 1ff61ac578d5cc9cf164bc8282e08b5e537eac10c19578dc835bc8010d58c4813a982096fbcfaab5a18b293e8f6ad80b4a849a9ecde700f191d7c181ee626781 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c038352f5dbbd5e9a5637073e660dd3d |
| SHA1 | 5abe89f75f337274eebe00e668acf6624581b90b |
| SHA256 | a176a11bc48229bdc0a081b6fe7d6bc62553b3412e78542eaa9b948a559462db |
| SHA512 | 1a9fa6e022a71de3d253c70ffa860b2126d05880fcde1044f41fc72559800032eed591371830d6812c151c2c91cab583f3f79fe230c52dc2f8cd6270d26ee8ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b621fcc4dc7718a770c1abbd8c31992 |
| SHA1 | f5b461dd6a2bf18bb83d6b7eae74562b324de4a3 |
| SHA256 | e6675dcc42091dce227d0b72a1da0d6f7c9ac3c40a0b39c960574777afd44d5d |
| SHA512 | 48b721ba5389028cb2f2a9e18ec168128c76b1eb5360fb8860e147cbce9ab014cd268e06149e022e6d0f9b2378d989ae185484a342bfa4a62687c9198b6245f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bbfa77916e16fccd54def9795996f73 |
| SHA1 | 88d3a0ada9df27e84dee243d0714ca006a0ab6ee |
| SHA256 | 21e077a2169ef88bad5d47c1339c78ef2ce30c72da60399e837a8eca8361bb81 |
| SHA512 | e8260adcdebac5f04867c696bbb9a29bf21ad0c53e79b83d8a6c0174d93604a3f95094c06676c59ed79f718f8ab5543048d932dfbcb0652ed1ff6ea0a9eef8f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec7ba664608d39263ecec2496277d391 |
| SHA1 | 57f5002584c4620ebf4a1d17b71bb646271db4c6 |
| SHA256 | bcbade37147b2c7703d7d27f51fefa984eed2f8c8b1544b322431b39645f5ffd |
| SHA512 | 7b260ca762182ff2742a06752c024cef8d8a1ecba6b2690cd0dc64d9a444d81750ca2d8fd7f4529b9b2e1003db0af92fd229483276e8bbed6ca015d45ba4ce00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ee4ea7e6b60d7f73270cd699bcf7831 |
| SHA1 | 95aafb26b53c96fbaf5cc7c340bc761951c8dd1a |
| SHA256 | c967951aa888a914df8f5ebd9c7849c9b2f651010c2e602bd481c89a931df2d4 |
| SHA512 | 3d46869fad887694a2b0c3395732dfd9692c1caab7b2f50e29f83d956ce0944d3d11cf228a2a58a54cf7c458981bb4590dc3b80d8b59bd497114b92ed96f4552 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2484ea50183add7701c356d373518c3b |
| SHA1 | 8caf2450e5897028623e412b77187760bd1493bf |
| SHA256 | 5a4309e1eafe4d4481b2a479a0499f2abe79abb29e946339792589f3bb7a9b89 |
| SHA512 | f3f5bab347a600177a2b8cd0fb8825b26c7f58ea15f0eac7a7b222b0d3195f3e31dc87516bf72a944d9e7d5547b06d045e1871897777d02d5c497aa8afe7b5ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76f05fd5221844e18ef2def144d7575f |
| SHA1 | 4b82611cefaee70029f7eca0cc5a1f0a5dd1ffb4 |
| SHA256 | 5ff76071afed5951e3048283f04766411ada0ef320b2add265a2fcdadbda6e2c |
| SHA512 | 9441d415f1104765fb204127001886ccec97f36bc4fe1f382a05ea6016f50de6464536f0e3664f323a6d497e7d390e2a4dc5d379f8b85d1ee4fc2147d5197bfe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8feca1f921c7a9a94995fe552bcacaa4 |
| SHA1 | 1ce2d9d1c0acd2eff76775b1e5afd8de1ba0d61a |
| SHA256 | 485790ef0b71f69331623771fea722ea5732e9ad494638198e6e36895873c824 |
| SHA512 | 2013d40fb7ffe5effbe68d182b5f4f8bfd4e7533342dcd3cd496b28fa5f4f4af67e81497e2c1a19addd023721edf90099c05d96893ab46079512b50a1da75482 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d943d372f5a2074f75af36d975e88376 |
| SHA1 | bcca680d566b06baf1bb32cfa0437fda50bae708 |
| SHA256 | 8522f565880e2b7d7d97a487585f36c40df3d50c39ddb764d5762236a85ca695 |
| SHA512 | c11fd4c1d36f27b9e1353080fe8be705768c6c9b889c780b0f74322579e85dbeccd08a87517b63dea24fa7555ce42945e05f1eaeaed04fc3789589c0eff282db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7b6072f8ad81940c95e306981c51db6 |
| SHA1 | 60a7fd398028eb1456c42d7026602770bb5d13d1 |
| SHA256 | e1d684a70d638dc3db38506426cdbdc6355eee9170bc2d86c228d99abbc5ddd7 |
| SHA512 | b7f113056d8dc3a8c34684a1773c5852e5a61604923e6986c0101130cc784ae0125cc963894d05d45f715c4d3f205fc9431a0422e5e89544e3431f00ae42db02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a55d9fc5d4eae725a12f33777f26314 |
| SHA1 | 4f8cbe6fcdb1599a5d27885eba10a2718131f72a |
| SHA256 | d445fb78a050383030271b471626c38fab7f3919ce47be21fbc8bea7576ba120 |
| SHA512 | 35fa8bbae019cd62a5a2a3b109cff96a5bfa72aa91716b4759365c5631d1b218c484207b3a5cc982feadbb56e8881a3383ee3a9440e60abe6306ee89396499e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cef883048c5c0923104e5954e8e83a6 |
| SHA1 | c963a6a2a66b9a2e73c714f057dea1fc73c7190a |
| SHA256 | 37ebd866df40baeaaa018ae0d6d2e7bb840eea65d8aa71a709a2633741a16521 |
| SHA512 | d5e545a1032857aa7a3b628986fc90da39777a28cafb7be096c4fcacc1368ff48c7a520ddbab7cf2d7ec0ea008408b68184abb086bacc9a6a239157fe82f594a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ccdc475e3b2c6c1f1d80d58ec34b82ca |
| SHA1 | f5c120b0e0a07bbf009252a7eab16958dd626d7e |
| SHA256 | 4541d780f58a8296e84243bc8de706b6416dd29fd199d8448ff1ccf321fa694b |
| SHA512 | 3fe1f64ff2837c65447a85531f5bfa9c9ebddb6ffe97b812edb84a0fc354d6da32266bda389b40cae41e7bb3b0c64aba812888956a00d1cddeebc6d9d9346e19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09c27b428a448c007b8d28a394298b53 |
| SHA1 | ba9f4fb525262a860f96baa894b52e5451f3c5a5 |
| SHA256 | 06cd4cdba7bf9131b8ec46eef00e78a906d36db8acd689b8f4204c8d158e549a |
| SHA512 | 520b97f7998aa39743b6503402ffe4eb1733b96b0d5c0530fe5c6071c6eb6e2e4036c13fbe7d4b327aef137db56a58b47815451a7702f7db5da59ddda9007658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 24bf80f45cdefd0bcce3edb0e3572177 |
| SHA1 | d66921360699d26131c2a3a96cbe4d7de0e302ba |
| SHA256 | 6a19f5775d7a6bc1cfc74cd2e843e38b4e624f222061a64349c4130a5bdc506e |
| SHA512 | f9afec782e3ffa2f515a8db02febbf62174497ea32f6806db9a825b725720c86570dfc1f0fb639e06a31aeab3ef8a2205c319205751a43ca257ee4744a149b5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 36dd5e59de63412480a5e826f373b602 |
| SHA1 | 672f5f64831374ff25fb1b14019ace537fc957d1 |
| SHA256 | 963efbc764748340ef523c18b4e56a28cc0a2fe66f5445be2cc5ba13681890c1 |
| SHA512 | a540799b9adbdee112255bb91c477d62a53c7c974253bd648b2183972543c3747328932fbe8e69ca54038f8a60e6e0aad160e7ca989bfab632e6944b29e99079 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e64ab7a58e21f7f2a0e1e8a89efac9bc |
| SHA1 | c53dbf623e7d493cf7959ba075415672bcd9f08e |
| SHA256 | fc3ef607f7bdf9c2c11af3df115fbc88ef594c0de6cade658b8b8b4738a38679 |
| SHA512 | 79afd0c588c3e2b80897c049cc55b80e973fbaee47112cee4ae42c2f3dd0c9294c56d7e1587013994ce29f77bfbe685605b654ac2b41904abd39242a1063b407 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 772872ecf1f5f4952c8bfbc010b85045 |
| SHA1 | c5600f60266bff975f209d7ef4e29d3996d4d84c |
| SHA256 | 41300aa21788b06766ff38760e26a04f12bf36c58d32bdc6605ec74977eee64d |
| SHA512 | 54fbe366fff7074f0902438ee8aa701af1f9d70825569277788e19a1357f9f1f5ad419495d19096c558128e109f0581604073f4d06499d74df3e4806336a1dca |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:43
Reported
2024-06-02 23:46
Platform
win10v2004-20240226-en
Max time kernel
140s
Max time network
155s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5048 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.allkeyshop.com | udp |
| US | 8.8.8.8:53 | www.allkeyshop.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 142.250.200.10:443 | ajax.googleapis.com | tcp |
| FR | 176.31.53.220:443 | www.allkeyshop.com | tcp |
| US | 8.8.8.8:53 | urbanislandz.com | udp |
| US | 8.8.8.8:53 | urbanislandz.com | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 172.66.40.123:443 | urbanislandz.com | udp |
| US | 172.66.40.123:443 | urbanislandz.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| GB | 142.250.180.1:443 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 151.101.1.46:445 | cdn2.editmysite.com | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.53.31.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.40.66.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 151.101.65.46:445 | cdn2.editmysite.com | tcp |
| US | 151.101.129.46:445 | cdn2.editmysite.com | tcp |
| US | 151.101.193.46:445 | cdn2.editmysite.com | tcp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 151.101.1.46:139 | cdn2.editmysite.com | tcp |
| US | 8.8.8.8:53 | megagames.com | udp |
| US | 8.8.8.8:53 | megagames.com | udp |
| US | 68.168.100.199:443 | megagames.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 199.100.168.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |