Analysis Overview
SHA256
c5c1f8845904cfd9fd55132d8a3d5849dda25626413aa1e7c2c3ed602b5b8177
Threat Level: No (potentially) malicious behavior was detected
The file 8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118 is an HTML document; it was opened with iexplore.exe on Windows 7 (behavioral1) and msedge.exe on Windows 10 (behavioral2), and the verdict for it is: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
All four signatures come from the behavioral1 run and are attributed to Internet Explorer's own processes, not to anything the document dropped or launched: every registry write lands under the user's Software\Microsoft\Internet Explorer hive and is performed by iexplore.exe, and the cross-process write is the frame process (PID 2368, C:\Program Files\Internet Explorer\iexplore.exe) writing into the 32-bit tab process it started, whose command line carries SCODEF:2368. The Edge run (behavioral2) raised no signatures at all.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:36
Reported
2024-06-02 01:39
Platform
win7-20240220-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a77bc11c96bc624caa13c5b723162be200000000020000000000106600000001000020000000071d59cf9a07227fa497654a21f1c6445012c08b9c19354cf02ac7e3f4afc946000000000e80000000020000200000004e93bb51cc8ecf6c88dc87242c032daaa07e7f6a573929d8cbd5488b810052d29000000000dde59cd84fd921aefcd0e3a642341e390597a52daa599be1c78a291e17a11c2e3cd1f873146991c3355ef24def9e40ba343e15e6411badaf0d8f7829f672754b1e16c6de6f936fa41a12910d512b698ea8a98778290e782ce754da0c70d154e53cbd2f430cd974e5b54337f41a7c7aa61f9dbcf6153fd5c8b4f0d05b99a96085d30140018e8795a246004281e9158c40000000f9b3b9340a1730a46ae2141397165cd03193309cad329dfde7eb5a6d7d685fc1908b8681686654528be7bb2f9149a7b6391c58e683ed4b4d36507f7c6e61d04b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454087" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a6206f8db4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A9017E1-2080-11EF-85B9-4A8427BA3DB8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a77bc11c96bc624caa13c5b723162be20000000002000000000010660000000100002000000000e237a8088ce6cfce0783e31b9857572549ebcf615c0fc8183abe7b1be91e8a000000000e800000000200002000000007d0ff242684c74c28113d2a0b021b684dbbd70727c6681a5e4623daa32491f520000000a818c39200fca70f45ec341ffba146a35311285dc37d731d9cbe955cab26ff9a400000003acd2b8e79ec964d14369d5de65cd1d7059620c36f87fa6c6b4a05009bfe59318583c29a427d4e6a8a38eb18facb407c0c57cff9504ebdfed5fdcd7c1c2f62de | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
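The two TabbedBrowsing\NewTabPage values written as raw data above, MFV and DecayDateQueue, both open with 01000000 d08c9ddf0115d1118c7a00c04fc297eb: a version field of 1 followed by {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}, the provider GUID that marks a DPAPI (CryptProtectData) blob. Recognising that header tells the analyst these are IE's own per-user encrypted state, bound to the sandbox user's master key, rather than configuration the page could have planted. The parser below is an added example and is not part of the sandbox report; it walks the public DPAPI blob layout over the two values copied from the table, reports the master-key GUID, algorithms and section lengths, and flags any trailing bytes that would mean the value is not a bare blob. The ALG_ID names come from wincrypt.h; the field-by-field split of MFV_VALUE is my annotation of the table's hex.

```python
import struct
import uuid

# Provider GUID that every CryptProtectData (DPAPI) blob carries right after its
# 32-bit version field; both NewTabPage values in the table above start with it.
DPAPI_PROVIDER_GUID = "df9d8cd0-1501-11d1-8c7a-00c04fc297eb"

# CryptoAPI ALG_ID values (wincrypt.h) that DPAPI records for the cipher and the HMAC.
ALG_IDS = {0x6603: "CALG_3DES", 0x660E: "CALG_AES_128", 0x6610: "CALG_AES_256",
           0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256", 0x800E: "CALG_SHA_512"}

# TabbedBrowsing\NewTabPage\MFV, copied from the behavioral1 registry table above and
# split at the field boundaries that parse_dpapi_blob() recovers.
MFV_VALUE = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"   # version 1, provider GUID
    "01000000" "a77bc11c96bc624caa13c5b723162be2"   # master-key version, master-key GUID
    "00000000" "02000000" "0000"                    # flags, description length 2, L""
    "10660000" "00010000"                           # CALG_AES_256, 256 bits
    "20000000" "071d59cf9a07227fa497654a21f1c6445012c08b9c19354cf02ac7e3f4afc946"
    "00000000"                                      # no strong-HMAC key
    "0e800000" "00020000"                           # CALG_SHA_512, 512 bits
    "20000000" "4e93bb51cc8ecf6c88dc87242c032daaa07e7f6a573929d8cbd5488b810052d2"
    "90000000"                                      # 144 bytes of ciphertext follow
    "00dde59cd84fd921aefcd0e3a642341e390597a52daa599be1c78a291e17a11c2e3cd1f8"
    "73146991c3355ef24def9e40ba343e15e6411badaf0d8f7829f672754b1e16c6de6f936f"
    "a41a12910d512b698ea8a98778290e782ce754da0c70d154e53cbd2f430cd974e5b54337"
    "f41a7c7aa61f9dbcf6153fd5c8b4f0d05b99a96085d30140018e8795a246004281e9158c"
    "40000000"                                      # 64-byte signature follows
    "f9b3b9340a1730a46ae2141397165cd03193309cad329dfde7eb5a6d7d685fc1"
    "908b8681686654528be7bb2f9149a7b6391c58e683ed4b4d36507f7c6e61d04b"
)

# TabbedBrowsing\NewTabPage\DecayDateQueue from the same table, left unannotated.
DECAY_VALUE = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a77bc11c96bc624caa13c5b723162be2"
    "00000000020000000000106600000001000020000000"
    "00e237a8088ce6cfce0783e31b9857572549ebcf615c0fc8183abe7b1be91e8a"
    "000000000e8000000002000020000000"
    "07d0ff242684c74c28113d2a0b021b684dbbd70727c6681a5e4623daa32491f5"
    "20000000a818c39200fca70f45ec341ffba146a35311285dc37d731d9cbe955cab26ff9a"
    "400000003acd2b8e79ec964d14369d5de65cd1d7059620c36f87fa6c6b4a05009bfe5931"
    "8583c29a427d4e6a8a38eb18facb407c0c57cff9504ebdfed5fdcd7c1c2f62de"
)


class _Reader:
    """Sequential little-endian reader that refuses to run past the end of the blob."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("blob truncated at offset %d" % self.pos)
        chunk, self.pos = self.data[self.pos:self.pos + n], self.pos + n
        return chunk

    def u32(self) -> int:
        return struct.unpack("<I", self.take(4))[0]

    def guid(self) -> str:
        return str(uuid.UUID(bytes_le=self.take(16)))   # first three fields are LE on Windows


def is_dpapi_blob(hexvalue: str) -> bool:
    """Cheap screen for any registry 'data' value: version 1 followed by the provider GUID."""
    raw = bytes.fromhex(hexvalue)
    return (len(raw) >= 20 and raw[:4] == b"\x01\x00\x00\x00"
            and str(uuid.UUID(bytes_le=raw[4:20])) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(hexvalue: str) -> dict:
    """Walk the public CryptProtectData blob layout; ciphertext and signature stay opaque."""
    r = _Reader(bytes.fromhex(hexvalue))
    out = {"version": r.u32(), "provider_guid": r.guid()}
    if out["provider_guid"] != DPAPI_PROVIDER_GUID:
        raise ValueError("provider GUID %s is not DPAPI" % out["provider_guid"])
    out["masterkey_version"] = r.u32()
    out["masterkey_guid"] = r.guid()          # names the master-key file under %APPDATA%\Microsoft\Protect
    out["flags"] = r.u32()
    out["description"] = r.take(r.u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt = r.u32()
    out["alg_crypt"], out["alg_crypt_bits"] = ALG_IDS.get(alg_crypt, hex(alg_crypt)), r.u32()
    out["salt"] = r.take(r.u32()).hex()
    r.take(r.u32())                           # strong-HMAC key, empty in practice
    alg_hash = r.u32()
    out["alg_hash"], out["alg_hash_bits"] = ALG_IDS.get(alg_hash, hex(alg_hash)), r.u32()
    out["hmac_salt"] = r.take(r.u32()).hex()
    out["ciphertext_len"] = r.u32()
    r.take(out["ciphertext_len"])
    out["sign_len"] = r.u32()
    r.take(out["sign_len"])
    out["trailing_bytes"] = len(r.data) - r.pos   # anything but 0 means it was not a bare blob
    return out


if __name__ == "__main__":
    for value in (MFV_VALUE, DECAY_VALUE):
        print(parse_dpapi_blob(value))
```

Both values parse with no trailing bytes and report the same master-key GUID, 1cc17ba7-bc96-4c62-aa13-c5b723162be2, with AES-256 for the data and SHA-512 for the HMAC; MFV carries 144 bytes of ciphertext, DecayDateQueue 32. is_dpapi_blob() is the one-line screen worth running over every "Set value (data)" row before spending time on the hex, and the shared master-key GUID is what ties these writes to the sandbox user's own DPAPI key rather than to anything the page supplied.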
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2396 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab260A.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar26FB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d34f3f70dc4279c50572f85287d0c55 |
| SHA1 | 14607531bed923523228018f03026417f28c7660 |
| SHA256 | 46be1b6208bbf66579b3f19c237f342f892fed94bf413d2dc880f06e4cc82ebd |
| SHA512 | 93bb3d2afe7a3452bf1b2e40cc2df4eaa244625a6a7c4df9115bc8d74699ad7d9489d668b147087562346ef373da4404614f10ba5d745adcaf11726a22dc821b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1528771cc8400970add8563ae293e9e |
| SHA1 | 5596a0b5899abea7d5f6fd0622ab682eaaf1b09d |
| SHA256 | a26133c4be4043458e81247d4f7070075472254c41699ccdc75732f8efd37603 |
| SHA512 | d8047b8b1a58cb8035f69ea78fa4e66ec79f5b98f235cef51184f27fbaa6e284e49fa8709bcdb8da8c1191c3a84ce7b8699dcd623c12c163e27cc24cd95ce139 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94e0ecaee8aef291ab61b5f36e70e718 |
| SHA1 | 9b36353616b3c6c91e8246fc30c17d764df85eae |
| SHA256 | 2ee06c72db7c25d705782cce6e131bca684d4514a12bd69d144f5ba1e13771c1 |
| SHA512 | d127a3cc79e944c7730fd6de0612e8d8b0aabf98bb802a5f46402826cf837421b86600e5c4ec4be2fd8fd14e61304fe13e13932c672e9efde6ce0adbd67f07d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11992ae7f6a037a17afee3b70c6586fd |
| SHA1 | 9de88c65b30776832a423a4f6f764af76140955a |
| SHA256 | 8301628b3945baa8fc786bf5f14101400baafb371669cf408716327b39ae6aa7 |
| SHA512 | 23839b17adfe77d275680c86acd0008e6f978889fdb42da23db80b66131b64498fd0e699b3d2a8f0d922a320b87eef791b8ca249637629f7464b0e6f5932af41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2e0d7a35d27aaf1a68865d44ac0ab6c |
| SHA1 | 628e0a363c26d0455905f9ee32806c5dddc22292 |
| SHA256 | 13ea14df083fbe96689e9f9ad3f24f0b41d92c5b45a0825bebb59b670e9fff27 |
| SHA512 | 85b42a0dc58c9015c8ddb16a298b466a8cefd7c8ee6f306e5f65848a5e3e61a6eb50b56d2c75df6269cddb9dc1f5529f11ca23bf0a67201e7529c9f55014630f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf07f2c8b6739c6988a930a5cbc8a233 |
| SHA1 | c476073e59ddce2066a19bd21a986251b15bb9b1 |
| SHA256 | 6d60c8340bcfc07787fc2b38c6197b8c1aecf475508a3cb97f38d164d6d5b8d7 |
| SHA512 | 9f9b611befb423441ec737acfe32ecf5287aecd50aac6d39483c9c9055d2d0adeb64e1f359070ab5779fecacf4608f3cb9f341806febe745f0f7518e94892deb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90bfb6ddce632f7865ac740f3aa57199 |
| SHA1 | fe8d32e9ee9951bf12250bd47f1b3d217bd21375 |
| SHA256 | 895577443e5f13ccd011ab3da50bef1e6b1fde95cf6e13d4a9e236f4d7d6b5a6 |
| SHA512 | b1e2d27bc6d253f11e03c2660b2bc9b7ea9f5d9420a63dda85f05aa2a24d89a98b63475b28d04f5a8d55040cf0f94324cbdb3a9258536a1b26c2863171626adc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c961107464a37c5dadd85cfb9801a0f |
| SHA1 | d7bcf77cf7f8e82ccc3df96f74e5d3cd175f2b3f |
| SHA256 | 9ce506e0f5c836caa7048a1c5056537fe7970eba268d6ce8136b3c811eac5c97 |
| SHA512 | 625b63284c8183a632dd1a01049a8382dc04203d66609298731d156c76e75705bef01e918afebf2bca9c95a67cbbfa42019d709eec3a2269f798627e2f092866 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5eaa9a59d10c8a188584c3e6a242267c |
| SHA1 | 446d9c41a58b93feb6624289e0fa2688ef9abd10 |
| SHA256 | 740e7370f5148c00f448c1ed9f606f57b362bcdc6ea366d28fe53e577390b4f2 |
| SHA512 | 023b2746bf2a401cf4cb17ba964965b0c19daac3613d92957a5d9a27879d6dff448539e7d91447ac0b2c64a75a54ff511dbf30bf5775e7181947a4281576af30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abda695c5e985c14f7cc8425fb49b789 |
| SHA1 | 7e7ca0ad06e9068f4f030a9eb85c80fbc94fa8de |
| SHA256 | 538930849b6fa6d9be5c19077876c68c57bb6691641bb06c029b44384e307293 |
| SHA512 | b01c51e612fdcb25fa036fcb82f86210533dce9e8a48e76696b8343de958699e1216daa48f72e1c042ff4a77aff50b169bd4e0e84526868ee7b97b1432bb6d78 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04a13fe8ed9c71710e52e201de3143fa |
| SHA1 | 6d8b8aba6955c2eaa50750866d6a1f9671a08add |
| SHA256 | dcd6bf9e82f0036525f020fd2c38a508db70727bba870a931622b43d34b3ec7b |
| SHA512 | 9105b18dca0ae22f107bfe649c4fad6e7d145908b5fd2f9bc001f63dccfa2d188d20c3c39441486c72fdcc971ac7ba1ea5729b8836a8048b0ad2468ddcc7bec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca1dbf59ae518e8ad7d8513c27716875 |
| SHA1 | 105f1c6e80c38df375ca142edae5a65c8f3438d8 |
| SHA256 | 5c35e051e3b5da1db29ad9838d1dc47e2aa9c7c11f0649e6500a1e468ce63c4f |
| SHA512 | 73730c2e3718132f729ba5fe71c23a4b2b6507c775eb2ae8092a7944b0615017cd441998329f80d0d24f3449c0d8ff82b75eed131a51df43f6a4017c260ebe49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98a5f094256fa2c05c52011a47d2f89e |
| SHA1 | 92ad0130b67b0b5e1abfc8205bc3752b3b8456e4 |
| SHA256 | 019928daf075f630cf057526b85644eaea7fc1dd38316ec9ad097aa2e181c7d7 |
| SHA512 | c253949bd62a8caad7d1cbb93acbaf1dcb72567cd90b6befb7f47b1bd79f46afdb586f0dac312798fce71a2b58a467b62d386be2d9acac78f65a76bc41f07e29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14063b8d8b7c2ba65afbf7d6a87fe908 |
| SHA1 | 89a66ec55504dd203e79e93eefb3453ac2f1b995 |
| SHA256 | 49284647efe555a436208da908ef673a76f25d1155fb2fdf75ec046f1a40939a |
| SHA512 | bc9175ed9eaa9a726c40f1ef047e79991eccf80a46d7816bd5fda5e72ef521a44d4a2ff5b449bfc713f6b82cd9e9c4cd3cdfc4062659fed646d25127f0dd8adb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fb9f6213eedc3a43a9e69de6eee10d3 |
| SHA1 | c3692fa02917d8195bbf9d2f017955af6e00db55 |
| SHA256 | 93aefdc865cf49db0164e2795426b47b6acfd6612ea63078eab4817b32404037 |
| SHA512 | 3beca5704bc17aaaa7264d6f13e23b4fc62de36ac86793a694887bbe5ff2d1b107ee59cf6a06ac10370d67b9af9b1cd1b2bf6f64baca93f86c03e606a9b56f8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3307e1adbd7bcbd96cd59252e46f8f35 |
| SHA1 | 93e0ae8fc980c1883a202c2e657886efd7df6cae |
| SHA256 | 6b5705b26cff3492740a7fef3745fafcc496f60e6a6b85cbcd77d9742ebea5aa |
| SHA512 | 3c7141bd7db508f20b6f349da603553065b9236c6d4dea8a0de4130009c9b5e903c753e172b28d4d6fbe6ddb6e98102a056e81b425284b525c753b55a4b716c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c6a83c372044a74ea1266a9bb69760a |
| SHA1 | cd11216d9f3d3597cda25364d34260549fa22f53 |
| SHA256 | ba5fbed9e2b9b59191a30d684746a7196faa059dc707d4d9a1b54bf1077a519f |
| SHA512 | 70740d5926e68740bbe5fa6978c82d67d67487dee7f1425055c7b1a592283400ab0c2018babeb4ef134709254b88898c803c280973b616d568fa2451c0644aea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99ef9a174ad635eba7a21b055d70d948 |
| SHA1 | d848fae89610c4fcc1027d09d776de0061cc060a |
| SHA256 | e52e3db62d7dd3c780f30aaa8156eece9c1ed0d114f284e4f1293f09e07dd720 |
| SHA512 | 85479550d9e8af27d9358e7e736ebcaf680f58277b4d81a63e07bfc977c7a242417970fbc9def5d14ce9a5c80838a5751cb4c3eef84a1ea4a184745c54dde09a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 297477c2a7412259337bb01b459ac8a6 |
| SHA1 | 54896ba1b8f000e002e0d3702a65a99ea494d958 |
| SHA256 | e62f4405931521c3edfc3396e1cf12627b43c36c760e12fb5f66ab0d1bf1007a |
| SHA512 | 66c22fbcfd87d69c7a7eec9022ceac4b82302f26c82a999b09326f62c4e9d29664cdbb0f8d068ec0e49390646f4fed358d629b6fd7778ade8e58795e675e754b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8532f07df1a88e5a6b7d9d02e1e15118 |
| SHA1 | fc6c1537cf948fcc1e47e8ae4dbef778b96b9fbc |
| SHA256 | e524d0f9576324271b6496dfe4fab545f2b7366e80ee7762b02b36559ab7f0a1 |
| SHA512 | 2d13450598ae2eba64b09f3b0d017c6a1a9d323e181d63e14046ee4fa295840c0446cf9eeed964af808bd55f5f2c5f1488be31e02965bfef2c950498c315ee60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8fa3f6f85b64c2ac93c3548701eec56 |
| SHA1 | 11e7059a32b5876a4c1e3e81fcb88df66a1d0569 |
| SHA256 | 2de110fd3cec60d645432338abddb7b52b53c62673cc0db5883570fcb83e09dc |
| SHA512 | 74d6e85a791cbe95d2aee3984aec85e8f79adda6d1e2e3e7aa7eabc06580f16d31620275db6e1728321b310b53ef4b4417fb3906e51cad4c82fc496de996645b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:36
Reported
2024-06-02 01:39
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3668 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5300 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=744 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5824 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5352 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6052 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.212.202:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
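Read together, the two Network tables say more than their row counts: evrim-teorisi.net is queried at 8.8.8.8:53 again and again in both runs and never receives a TCP connection, while the only third-party hosts the document actually reached are fonts.googleapis.com and fonts.gstatic.com, both over plain HTTP on port 80. Everything else is resolver traffic, reverse lookups for addresses already contacted, mDNS, or the browser's own services (SmartScreen, Bing, NEL reporting, Edge static assets, Watson telemetry). The script below is an added example, not part of the report: it parses rows in the report's pipe-delimited layout (a representative subset copied from the tables above, with the mDNS row's columns put back in order) and reduces them to a per-domain view. The list of browser/OS service domains is my assumption for this page, not a published allowlist.

```python
import re
from collections import defaultdict

# Rows copied from the Network tables of this report (both runs), with the mDNS row's
# columns restored to Country | Destination | Domain | Proto order.
NETWORK_TABLE = """
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | evrim-teorisi.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
"""

# Assumed: domains the browser or OS talks to on its own (SmartScreen, telemetry, NEL
# reports, Edge/Bing assets). Font and certificate hosts are deliberately absent, since
# a page can cause those fetches.
BROWSER_SERVICE_DOMAINS = ("microsoft.com", "bing.com", "nelreports.net",
                           "azureedge.net", "chromewebstore.googleapis.com")

ROW_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S+)\s*\|\s*(\w+)\s*\|$")


def parse_rows(table: str) -> list:
    """Turn the report's pipe-delimited rows into dicts; lines that do not match are skipped."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain == "N/A" else domain, "proto": proto})
    return rows


def _is_browser_service(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in BROWSER_SERVICE_DOMAINS)


def classify(row: dict) -> str:
    """Bucket one flow so the sample-driven traffic can be read off the remainder."""
    if row["domain"] is None:
        return "no-domain"                     # e.g. mDNS to 224.0.0.251:5353
    if row["domain"].endswith(".in-addr.arpa"):
        return "reverse-lookup"
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns-query"
    if _is_browser_service(row["domain"]):
        return "browser-service"
    return "sample"


def summarize(table: str) -> dict:
    """Per-domain view: DNS query count, TCP endpoints reached, and a final bucket."""
    summary = defaultdict(lambda: {"dns_queries": 0, "tcp_endpoints": set(), "bucket": None})
    for row in parse_rows(table):
        bucket = classify(row)
        if bucket in ("no-domain", "reverse-lookup"):
            continue
        entry = summary[row["domain"]]
        if bucket == "dns-query":
            entry["dns_queries"] += 1
        else:
            entry["tcp_endpoints"].add("%s:%d" % (row["ip"], row["port"]))
            entry["bucket"] = bucket
    for entry in summary.values():
        if entry["bucket"] is None:            # queried, never connected to
            entry["bucket"] = "resolved-only"
    return dict(summary)


def resolved_only(table: str) -> list:
    """Domains the browser kept asking the resolver about without ever opening a connection."""
    return sorted(d for d, e in summarize(table).items() if e["bucket"] == "resolved-only")


if __name__ == "__main__":
    for domain, entry in sorted(summarize(NETWORK_TABLE).items()):
        print("%-36s %-16s dns=%d tcp=%s" % (domain, entry["bucket"], entry["dns_queries"],
                                             ",".join(sorted(entry["tcp_endpoints"])) or "-"))
```

On the rows above this yields one "resolved-only" domain, evrim-teorisi.net, two "sample" domains reached on port 80, and the rest as browser services. A domain that is resolved repeatedly but never connected to usually means the resolver answered NXDOMAIN or the host was unreachable from the sandbox, so the page's primary content was never fetched; that is worth stating in a verdict, because a clean run against a dead host says little about what the page does when the host is up.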