Analysis Overview
SHA256
a4060110f5a522b2f237c2ccbcdcc25d281651467359a2abadc1c4accd701d36
Threat Level: No (potentially) malicious behavior was detected
The file 8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 23:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 23:44
Reported
2024-06-02 23:47
Platform
win7-20240508-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503d73ea46b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533743" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11E23581-213A-11EF-99EB-F2F7F00EEB0D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000834dab81c293a8f384083003fa70f165800627dc6b39dc9bd6689f18c7b0c5e4000000000e800000000200002000000013cfeda9fd40850a8af3dad07efef46c0c9d9e727fbea4833f40a435f62d1c5f200000001a1aad10985e568ac118549c7927e207268a1b14e9a3385a4373e5a4cb02a64a40000000095cbc87f824b42667ef07d0fda92df58b1c616501ccb5ddb03614d1f4e8a5be6516ed509236117336fe0fbd8b971e990fa6f3de0ab77702c6296a7b6d96e5eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000008e9e152dfbe2fa2b56f0aba06fb23999b25dc6adc8cb9e3ea45e721f28b28f13000000000e8000000002000020000000ae31cf9e1f589a7b979b380bb6127bce08db5e9b9d09ea0711562336306cc44790000000bdd8a61df301e9bbf6d4b35ee06e6046ddea60bf49c37e8e45b90d3d2077344549db3221fa51588489576dd35d3e26149161be140edf292f1e56a753fe72f9879f7015ba4ede8c16a8978c9db9031832101d4cc342bddfe1b4f4f4fdcab7af920f6e2c28ca1253b5bf468e5b8ca89483b5ef78c6909e72f68ad5f39f2e9fae130cff5e037af0201f83f2b3b4314a037e400000003cb40983aa95824238c7be2caaaa0faa5d5a92393ba6d9c0c14dc64363ab18dd49b0efac4b78be1068d7be5c7df38fe4259c9f14ced3945e00c664f0829c4ec8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3056 wrote to memory of 1272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 1272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 1272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 1272 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 23:44
Reported
2024-06-02 23:47
Platform
win10v2004-20240226-en
Max time kernel
140s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3880 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5048 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4836 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5348 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1336 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
Network