Analysis Overview
SHA256
2a89f408a48aa1e07b6dca0140cd726fb0f8e563be7e5e9e060649445bb645af
Threat Level: No (potentially) malicious behavior was detected
The file 8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 04:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 04:53
Reported
2024-06-02 04:55
Platform
win7-20240221-en
Max time kernel
139s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08a35dda8b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ed1e287e2e72a4fb3a8a96f865a9669000000000200000000001066000000010000200000007722fc9b0e4ad10d8c70d8e0726e80529949a360335750e0399e1339887296e0000000000e8000000002000020000000a3deb960572f58fcea5aed3e2b0e7073d073a86ef2729fb841d49021239fe6b6200000006d013450098dbdd49655fbf1185fcbda1c5ee29ac01130c0cc4da5be077485ea4000000028ea508ab40fc78d464ec2f47b99d5c4512b6bc17d166fc3ea49b66219f3dcce7194cf0346b302c9c8ff12e1b9ab535b8add0291976d10bc8b352dcc443c980f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08045781-209C-11EF-9C17-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465867" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2096 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2096 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 04:53
Reported
2024-06-02 04:55
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4620 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5760 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5368 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5532 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network