Analysis Overview
SHA256
ed99b90a9cf142085b9a8f95658b85f32d10b05c1902eb32158f578d75dda3a8
Threat Level: No (potentially) malicious behavior was detected
The file 8fd8c0376116350a1d6e915c85cf40d4_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected. The sample is an .html document; in both detonations it was opened in the platform's default browser (Internet Explorer on win7, Edge on win10), and every signature listed below is raised by the browser's own processes rather than by a dropped or spawned payload.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:43
Reported
2024-06-02 23:46
Platform
win7-20240220-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 307da4d046b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533707" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBD3D8C1-2139-11EF-9FEE-EA42E82B8F01} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a5dcc4e82099a54ebc59701ea5ec23d300000000020000000000106600000001000020000000450c3709870f59336d53a90b764548348dbabec7437b4ad9c5ddc409dd68732b000000000e800000000200002000000001bc20ef0e7ee4451059be340b537e67a35ca1cb549601841941a076c3b3d76520000000a0d972033d912ebc6a33a48e8be24cf5f7eedef52e04cce70c5c7e5c0611cfac400000007dfb473d98009d1c3d4be908d3ddeb51c9890136e148555880264b9a9a40e5ae0a993d90191b330962d22d5bab41958b930e412e2834a2dd290d35ddb9d7ef7b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
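The three "Set value (data)" rows above are not opaque: Window_Placement is a Win32 WINDOWPLACEMENT structure, LastProcessed is a FILETIME, and DecayDateQueue begins with the DPAPI (CryptProtectData) version/provider header. The script below is an added example, not part of the sandbox report or its tooling; it decodes those values as copied from the table (only the leading 40 bytes of DecayDateQueue are embedded, which is enough to classify it) so that an analyst can confirm they are ordinary browser state. The structure layouts and constant names are the documented Win32 ones.

```python
"""Decode the binary registry values IE wrote during the detonation so they can
be recognised as ordinary browser state rather than opaque blobs."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Constructed inputs, copied from the "Set value (data)" rows of the table above.
WINDOW_PLACEMENT_HEX = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                        "2400000024000000aa04000089020000")
LAST_PROCESSED_HEX = "307da4d046b5da01"
# Leading 40 bytes of the DecayDateQueue value: enough to recognise the header.
DECAY_DATE_QUEUE_PREFIX_HEX = ("01000000d08c9ddf0115d1118c7a00c04fc297eb"
                               "01000000a5dcc4e82099a54ebc59701ea5ec23d3")

SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE",
            4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW", 6: "SW_MINIMIZE",
            7: "SW_SHOWMINNOACTIVE", 8: "SW_SHOWNA", 9: "SW_RESTORE", 10: "SW_SHOWDEFAULT"}
WPF_FLAGS = {1: "WPF_SETMINPOSITION", 2: "WPF_RESTORETOMAXIMIZED", 4: "WPF_ASYNCWINDOWPLACEMENT"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Provider GUID that follows the DWORD version at the start of every DPAPI blob.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")


def decode_windowplacement(blob):
    """Parse a Win32 WINDOWPLACEMENT (44 bytes, little-endian): length, flags,
    showCmd, ptMinPosition, ptMaxPosition, rcNormalPosition."""
    if len(blob) < 44:
        raise ValueError("too short for WINDOWPLACEMENT")
    fields = struct.unpack_from("<IIIiiiiiiii", blob)
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError(f"length field {length} != 44")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
        "min_pos": fields[3:5],
        "max_pos": fields[5:7],
        "normal_rect": fields[7:11],  # (left, top, right, bottom)
    }


def decode_filetime(blob):
    """8-byte little-endian FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", blob[:8])
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def is_dpapi_blob(blob):
    """True when the value starts with the DPAPI version/provider header, i.e. it
    came from CryptProtectData and is only readable under the same user profile."""
    if len(blob) < 20:
        return False
    (version,) = struct.unpack_from("<I", blob, 0)
    return version == 1 and uuid.UUID(bytes_le=blob[4:20]) == DPAPI_PROVIDER


def decode_value(name, hex_data):
    """Dispatch on the value name as it appears in the report's Indicator column."""
    blob = bytes.fromhex(hex_data)
    leaf = name.rsplit("\\", 1)[-1]
    if leaf == "Window_Placement":
        return ("WINDOWPLACEMENT", decode_windowplacement(blob))
    if leaf == "LastProcessed":
        return ("FILETIME", decode_filetime(blob).isoformat(timespec="seconds"))
    if is_dpapi_blob(blob):
        return ("DPAPI blob", f"{len(blob)} bytes, encrypted and user-bound")
    return ("unknown", hex_data)


if __name__ == "__main__":
    for name, data in [
        (r"Software\Microsoft\Internet Explorer\Main\Window_Placement", WINDOW_PLACEMENT_HEX),
        (r"Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed", LAST_PROCESSED_HEX),
        (r"Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue", DECAY_DATE_QUEUE_PREFIX_HEX),
    ]:
        print(name.rsplit("\\", 1)[-1], "->", decode_value(name, data))
```

Run as-is, the placement decodes to a maximized window (SW_MAXIMIZE, WPF_RESTORETOMAXIMIZED) with a restore rectangle of (36, 36, 1194, 649), the FILETIME decodes to 2024-06-02 23:44:31 UTC, which sits inside this detonation's submitted/reported window, and DecayDateQueue is identified as a DPAPI blob. The one caveat: a DPAPI header only tells you the data is user-bound, not what it contains, so treat it as opaque unless you can decrypt it under the same profile.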
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
PID 2856 is the iexplore.exe frame process; the target, IEXPLORE.EXE (x86), is the tab process it launched with SCODEF:2856 (see Processes below). These writes are IE's own frame-to-tab startup, not injection into a foreign process.
| Description | Indicator | Process | Target |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2856 wrote to memory of 1736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd8c0376116350a1d6e915c85cf40d4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files (the CryptnetUrlCache MetaData/Content entries and the Cab*.tmp/Tar*.tmp pairs are written by CryptoAPI while it fetches and unpacks trust-list and revocation data for the TLS connections above; a path is listed once per write, which is why the same MetaData entry appears with several hashes)
C:\Users\Admin\AppData\Local\Temp\Cab17F5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar2D1C.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6f8d3aa32f15d6436ba8a3bfce458ba |
| SHA1 | 1f334b7a509fcd13160111e7380887c86438d0d9 |
| SHA256 | b1ebc9cf2dcc67fe10937b36806a4efb95e353f4d4347396e7d0840e1c518215 |
| SHA512 | 1cd0648ede1901884d8ea1a9a16730d4c5eb24a4d3060b4cbae9cef96d8ae51e6b5ad5542120aaa3d0df7e413b9341c2052841df55452170bc16f6d1a4218fc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c17dedd347f00b97e2cb2ea8b6b2bfa |
| SHA1 | 219584fe52e11c052344b4b41f5856afc700ed10 |
| SHA256 | 3d911be49cbcee223a1757e1466099c446bae020713ed78caa7a01e637547e0e |
| SHA512 | 46e94d9dc5ff063b257dad1a324552e6fbb3b34c4c0fe639e2b6cf1f9daba6999134111c267f1167bb5bf373b967a0070c19d1bb5c14420c71a87ae369125325 |
C:\Users\Admin\AppData\Local\Temp\Tar2DEE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8faac8aa98b7d97c74ce7e5a9d136e1f |
| SHA1 | 1fbcf5114df62a1dfdfadb718139ad34a9bbf1f3 |
| SHA256 | c9c4d5eaa84d75867be2a4911d65fcbfdd6ad75b0294bcc5267d4b61e911a6d3 |
| SHA512 | 29e9339c3f2fd8bedb10903b55abb3b825b9861890168e8eec6f0ff36e9be7acaafc0f268343fdf3adb5cf97ba6f2a41020ec9cb22fa55a6cf774b4a9e21e8c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6295ca490a12d697d756015ddae7bb32 |
| SHA1 | 8102ea0af0a631f42b6533c9bfdaff28d93299a2 |
| SHA256 | 82ce06846782766a9f519bcc2748f8cf0ab93734f748a46b00a084f3a7f78568 |
| SHA512 | 49386ed54f3106bed60ade2b62e9371d78a6dbebb590aad3f28472f65c418dfc3caff95651458533259bcfd02472092c3c58506a1a7bf2fa77fc99f422bb9e2c |
C:\Users\Admin\AppData\Local\Temp\Cab2DE9.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1588e6c70f761672741a0c32e07d44d |
| SHA1 | d4ad9eae47ef3f93970997028af7d3cd98132f2d |
| SHA256 | ef873cec254e66ceed1f46adeb5304797f186013b88d752415897dda9f1df0df |
| SHA512 | b5043cb0384cdbdd97467b116179fd12234c38c926e229a955bbdf00b790d2f2a55f373829bb22ca85d497101b5903ee08dd635d7fed2e2cad0c3282943fd180 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a36980380fc289ffde33992b15f21380 |
| SHA1 | d91ec359203ff480cf192067dcccb9fcf2a0cc88 |
| SHA256 | 1026aa172412adc7ae9aeddda3a28d85b45194045168334bf5af2c1dec2a1bdf |
| SHA512 | 6d07921b891bacc731716b62da456f51e36af8c4787f3c7f1a94c8af98f693adddcf847a0c284316234389fc4185aeb0a4ac51878d9840e112de6daf6593063c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2707d7f80c3fb583171b2d6acaaf755 |
| SHA1 | c35b03cb1b7b86130573b870fa399899b5493083 |
| SHA256 | 8125b00034cdcef60b3898aa90848b1727e05cfc6c381509b60b632ed197e571 |
| SHA512 | fecdad5c945aed529eec7779fe20c3ac2c079cc0261f81630769b5e7cb045aa0cfad8b4affe8a198b527c5ab363df5ffde720207ee99f8cf76c25aef06b9105f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3f1a0d8b22f6e00ba45f95eb5454dd8 |
| SHA1 | 68540236956078e581561721859e03421d86a3e4 |
| SHA256 | 5f41ead0d07471f73c8e66b10cf2da400ddef81564946db8f0e1aab9c5cc01ea |
| SHA512 | c3b6d5f7f200c24279a33a27c8f3123a6a8b46c2531c28709b4b9cc0a1a1c3cf1e5316e7e25756ae5b6e25831345182ff109d4ed9ea3598fc5fdf249941af922 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b0befd49a33396c1b096a805cdb518b |
| SHA1 | f8f53fc215fc5846a4d57f913dcc98c30d8c53e7 |
| SHA256 | 752f585505ce58c4a679da8ec9f7dca591a2a005d29b7e18da0dccd25b648721 |
| SHA512 | 11fb233abed4a354a3f4f13a0eb0d15ed2003a10d3a13c6ea62709f389da53aaa9ace2de7e81b4abd9a7ff513511a7168d94de47ca02c083128953e8dde869aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 415bfe7390fa20f6c4716f91ceebc6af |
| SHA1 | 7e5d96694df62d8f2c27501010b36b8fb7bcdca0 |
| SHA256 | 5115c4cfe7ffb10160eedf4205db9140e2159e5ce4d2fea39107b1f340956ce1 |
| SHA512 | caf0f1ad2168cee83443d261b7886b61b9a666117850a1ec5f706477c4af8aa1a520ba1951e5e46430ce3fa82bd97666af2c84b966936ae6a6ae244bebc7f66a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9a248c3280538f3d743af5682554c62 |
| SHA1 | 68630e281530585513d79caecc78cad4d6df6651 |
| SHA256 | 02dcd54f44a581a85242eaf020d62669a75e8c15690bee48671785f7ce4c3a90 |
| SHA512 | 3d7eb3eb11b4119580da602d127d37a672c8a0fbec6c5ffd55720acd5f78cb18de3bee696f3214ac2503feba50a5b3e48355436a070fb6c046317e4e7840b167 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3b7e133993ca3d9ebcb0d848fc0d2c5 |
| SHA1 | b1e90456f690c1891904cf37bf819465c11bdce3 |
| SHA256 | 4a6a33084d218e4f66291e28d8446193fe933548e92d42a00b7e7de40d1fd390 |
| SHA512 | 95715032794bfbc16d3a7112745630e1f03b81378fb6829d3ac552aa8cef700923a95c6d090c633b576f13e2d7300ea024a3b21d8195d2e331a28a53eee7f5b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5d8dbaf7d6ceab5c7ea1c035700113f5 |
| SHA1 | fef831676adb0c928442f01b05362096cacf12f8 |
| SHA256 | b1a793a4a6a30b286009499ac6bc3b719868bc8d7ef13d96036c6908e68e0114 |
| SHA512 | bac2bddc02573b294f761f775654928dc39777e450df76be7622284cffe94b1dbc11566cd4d277c67905849f76c7e07bfa26bb1b2f72bd9a9334bfa7550d6cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e75601f109a4898a2247bd895ae263f1 |
| SHA1 | 1d99ced8f9b3976982a99b39f9dd757b4511c81d |
| SHA256 | d2905b73610d86f9d9d455447e50a56cc67424754324ec1ce424e93f82dc6efa |
| SHA512 | ee6f03cfc12b976cb08e3f8e4150fae032527e9bc51c53e2143cab3023b7cb067d1f301accfa98927019969e0221cffc2978d6f39a5cd6752540e4afafa4a1a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 034d0102899580b3518a9df52ae56ed8 |
| SHA1 | 788551b5f9ccf97dfd41843d9da6447d430ab84f |
| SHA256 | 77a9789cc612f51c4d0e9cacf13f10378899ee8800fbbb5e742d70609ac62b1c |
| SHA512 | 3683daabb5e0dd11aea2bae586c5eaa3605b920451f70a689077bf7b312dbdd0fd7f0fc99c462769a4161c0cbc66751a911a638aacc990121ed3ccdeb8c2178f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bff5b7169ffa35cc9d1d6b4cc7155557 |
| SHA1 | 7bf0e45517043d2e17a603f786e1241109d78e10 |
| SHA256 | 3557f363004c39b436ebc0c5755882c6f66f1d7a11cb81a40e5ceb2cedbacad3 |
| SHA512 | 535d44941df53c06544e692b9fbc83e7b120dce5d93c449c00fecf654ca76b8de34fc58d9dcf340a9ff818bb664029367a1651b779fbaa6aa45aa7034853c552 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54624e2f543a1063c24dc5323e2a8b2f |
| SHA1 | c70288595a24299e9f81285a6ce85b720b62db99 |
| SHA256 | 25c55c8b8ae5332398412ce2471ff832a377d72be8861e6fe197e7e811b8d5a4 |
| SHA512 | af9dee544aa6842e599c782733bf5da0a5287b9930b932e4cdbb2e61fee7b86333b1e423cb19abf0153c109d06a6b88c2a64555fa387d322f28de53fe1e56beb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3a06afe1dd04f4108c7ab0b7f4cd583d |
| SHA1 | a48cb56833a1c6e20628db8e5bd4eb27d0648188 |
| SHA256 | 0cb223b8d5e0f05541aff29c57f6e94db2238a2b678e4a79e4c21ea3e6565ecf |
| SHA512 | 126f7f2d17da59f13a47853a6e31a8bbd12ce2953a30475ba114e9ae081e9a2fa8f8c33ba6f57d148e4dacca51a942f74825b9890d1b95fd369b2b95d0c7115f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cb90a0b18fe31deecca96c8f996ca9a |
| SHA1 | 3faf0f10f3dc5f42a88a1c8613c4b95586a6ba25 |
| SHA256 | bbb31f4b6f8223474006553e43421fbf232c0b56cb99fbbe364b9d5dd4dd6d92 |
| SHA512 | 7809ca2abc0bd1a9e5ab2f6c5c0b7e01c1b06d6dce1c5deef457df3b93517071fca785db2d795014b02effe586333940f69c4107e07af3c61cea75f3f839e089 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e587196307619213a50b20d31bc1481 |
| SHA1 | 7e14510506beb3c1572abe02fd1b719dd7e3f8b9 |
| SHA256 | a52fb5970c2388e0e31f2d5a36eed5730d20d92d99fb227a5e5633b2c081e771 |
| SHA512 | c587abd90914f4bc71f7a62b7651821d27b0bd6652c6974448ef935e5af856672f3222c1ffdb86fdc4999fd8c5d8315c33158a3a893554e70a01a1619044ee4b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bcf3debeebfa20d1e9bf31476f46af2 |
| SHA1 | b6776066afa83cee6799eaeea1a7020a52136c8c |
| SHA256 | e41f7e21d6cc23870d778213bc8da4bdaae40af017b488a32776717415c9faa9 |
| SHA512 | 0c5c2fad9f8c862a9cdec84399d30d5663fd3fd6f9fe2e5bb7dc99fd96bcbb75d48c90fb16b20ebd1b696dc60dbf75d603b1177295b068ce72d8baf974a2f2ac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69176fd13020d40bede7d06f64c38b90 |
| SHA1 | f0e20ab3d791525400b8f2ac76ea751764075b80 |
| SHA256 | 47522fa25bc03333881f2557ef6fd62ef3a27d9c2fa3bd9fbbd199695082820a |
| SHA512 | b02611a330454a2b583797519e9389e17a04227861faf2a7c8c926cbf68126a2ffb53425b525b4a2a143a3ba4b2ec973bb17e5aab5d63666ccb1349dd7ec271d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:43
Reported
2024-06-02 23:46
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd8c0376116350a1d6e915c85cf40d4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4000 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5692 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4504 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6108 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.140:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.20:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 20.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
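Both Network tables (the IE run above and this Edge run) mix three things: forward DNS questions to the sandbox resolver at 8.8.8.8:53, reverse (in-addr.arpa) questions, and actual TCP/UDP connections. The script below is an added example, not part of the report or its tooling; it parses rows in the report's own pipe-table layout (a subset of each table is embedded as constructed input), converts PTR names back to addresses so they can be matched against the IPs that were contacted, and intersects the domains that were actually connected to in both runs. The assumption that a domain contacted by two different browsers on two OS versions is more likely page-driven than browser-driven is a triage heuristic, not a property of the report format.

```python
"""Triage the Network tables of a sandbox report: separate resolver traffic from
real connections, correlate reverse (PTR) lookups with contacted IPs, and
intersect the contacted domains across two detonations."""
import ipaddress

# Constructed sample: a subset of rows copied from the two Network tables above
# (IE on win7, Edge on win10), kept in the report's own pipe-table layout.
IE_RUN = """
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""
EDGE_RUN = """
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
"""

RESOLVER = ("8.8.8.8", "53")  # the sandbox's DNS resolver as seen in the tables


def parse_rows(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts.
    An empty Domain cell (direct-to-IP or multicast traffic) is kept as ''."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": host, "port": port,
                     "domain": domain, "proto": proto.lower()})
    return rows


def ptr_to_ip(name):
    """'164.189.21.2.in-addr.arpa' -> '2.21.189.164'; None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def split_traffic(rows):
    """Return (dns_questions, ptr_targets, connections) for one detonation:
    forward names asked of the resolver, IPs whose reverse name was asked,
    and {(ip, port, proto): domain} for everything that is not a resolver query."""
    dns, ptrs, conns = set(), set(), {}
    for r in rows:
        if (r["ip"], r["port"]) == RESOLVER and r["proto"] == "udp":
            ip = ptr_to_ip(r["domain"])
            if ip:
                ptrs.add(ip)
            else:
                dns.add(r["domain"])
        else:
            conns[(r["ip"], r["port"], r["proto"])] = r["domain"]
    return dns, ptrs, conns


def correlate_ptr(ptrs, conns):
    """Map each reverse-looked-up IP to the domain contacted at that IP, or None
    when the table shows no forward connection to it."""
    by_ip = {ip: dom for (ip, _port, _proto), dom in conns.items() if dom}
    return {ip: by_ip.get(ip) for ip in sorted(ptrs, key=ipaddress.IPv4Address)}


def common_contacts(*runs):
    """Domains actually connected to (not merely resolved) in every run."""
    sets = []
    for rows in runs:
        _dns, _ptrs, conns = split_traffic(rows)
        sets.append({dom for dom in conns.values() if dom})
    return set.intersection(*sets)


if __name__ == "__main__":
    ie, edge = parse_rows(IE_RUN), parse_rows(EDGE_RUN)
    _dns, ptrs, conns = split_traffic(edge)
    for ip, dom in correlate_ptr(ptrs, conns).items():
        print(f"PTR {ip:<16} -> {dom or '(no forward connection in table)'}")
    print("contacted in both runs:", sorted(common_contacts(ie, edge)))
```

On the embedded rows the PTR queries line up with addresses the browser had just connected to (13.107.6.158 is business.bing.com, 104.16.80.73 is static.cloudflareinsights.com, 23.62.61.194 is www.bing.com), and the only domain connected to by both browsers is static.cloudflareinsights.com. Note that www.microsoft.com is resolved in both runs but only connected to in the Edge run, which is why the intersection is taken over connections rather than DNS questions.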