Analysis Overview
SHA256
e65be4f60dfc20cb7b67375b2b4c3b1ea7def46e624c29a239f83e30427b928c
Threat Level: No (potentially) malicious behavior was detected
The file 8cf31e2e42c64ab3daf729bbe34cd7cd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 04:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 04:57
Reported
2024-06-02 04:59
Platform
win7-20240221-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not present in the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423466105" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95E65D01-209C-11EF-9C17-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90e5926ca9b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d289cca962019a4a9cc88fb76b04b529000000000200000000001066000000010000200000009ba95b8815c7d45bd83ae688a9ff7b557b35d4a66e4b21b890a4b17ef8aa9d13000000000e800000000200002000000069900d58faf421f6b14e4b6ca56322a72bc7f9719d957fd78492bc84e389780f20000000916f18f079bc7deeefb7fdcd2a3e6f765017420e3b9663b24e971c3060e9e071400000008e0e68e12ed3c8d39b81d42f9da816e948b3e0f34b2d6b4261bbba7457daf1a216bdb79238ee4cff81418b610ccf7a85d8f2432b9525795d364f328bdc7ef8a1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2228 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2228 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cf31e2e42c64ab3daf729bbe34cd7cd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | lerloy.com | udp |
| US | 8.8.8.8:53 | static-eu.payments-amazon.com | udp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| GB | 18.154.84.41:443 | static-eu.payments-amazon.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 8.8.8.8:53 | www.lerloy.com | udp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 0dd48082cba813345329d79da68e007b |
| SHA1 | f1ab2b86188a58f3832202d71c75bf5e399319c6 |
| SHA256 | c890da36838939fd8aca70a9ed0d7bc9ec2978f5b437acb96ace6fa4579df469 |
| SHA512 | 8d8d4385182f4125fe3a663dc87a7131a82a14988a3d79874090fce0200edae86a28454d87d5e87895d51ef0ee6535c63b2d74a8b011d1ee27fca101583587e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A9CFC67148800DCF36D06882459549EE
| MD5 | 94193e3647874bcbee9635af00a40b0a |
| SHA1 | 3833270f74362d3ae64888610255350b5048df1a |
| SHA256 | 915f0ba477a41255110d584a7e4dd54bc204bb540a47ccd36852ac9314a7033d |
| SHA512 | 5c2c6eba81f0adc832518bd304f1fb97cfcc2276c6481c5e20cce3a65ed8b92550378ef505603938711892fbcc86d8e027596594d49b6cd3fc89201b0816e100 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93eecdbfba1748abcbc3df372181ed71 |
| SHA1 | b94b9dae8053f2715e38af925b7a54983a63f264 |
| SHA256 | 75247a49893aa175d420106c33d1558df95a215359428640859f0cfdf9374edf |
| SHA512 | f573a28546015e6a31b17ec0b1acc943f7799b0ed3ea01a9a16a0bb065cd23f319cec9c29e740e0ea407746a7472979c4fc732578f63143ead40c818227da016 |
C:\Users\Admin\AppData\Local\Temp\Cab3A34.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar3A46.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3B17.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 210b80da8a753b1ac39c7f660bf2aa0c |
| SHA1 | 7778539f2ad6daec548a2af2555b382448f46f63 |
| SHA256 | 0bb43443f6a881ba279bfde7a560b813f11f7af27ff43a306f458d3f45f73369 |
| SHA512 | 5f82b98b99fe7006f49f0da145f62a4726c36b941890b6d946a3c27b46b5314a497446ad16efb7bc9ab3e02b9e9a6388fecfab18f56e622238b586dc4303d9cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00e1b9de849b60e6d050b69f74b014c0 |
| SHA1 | 5fdf4b58045d66913a1db04c5cc622836277d892 |
| SHA256 | c0afc5af20d35325782d6ac8b0400c6137c39446d06ba5c81b6c05bd502645e8 |
| SHA512 | c359204f2ecdd9ffb07b327cfcc2f3f7723535536d42eb8c8443a6bd44a7b7c830221bd707937c0025357a1676c969d856102c8ac159027bff3b0675bde7a55b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b20bedbc091721fda4b1527bb2896d39 |
| SHA1 | 2aad76d08a5a7c22e82a4f244b9938236f1ece4c |
| SHA256 | fb202e0d494046eed5ca75ef4c5269c0a54508d7d11675bc7e87499faf7dbbfd |
| SHA512 | 662eb78a777fbc5d999b68ddd2ab01ffcf159345e8594c0737cfe1a3070ac8be0b07035cc0c284944bb64f5a32e2641ae875549e3e8b50936e5a5502fc01aa9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eda8d640d41ebaba63289f719ed5f2c6 |
| SHA1 | ceef6d67f974ee7d36a4bdd7cbcc77a9ba5ae469 |
| SHA256 | f7eda333a46b782dd9eefe270aede018ade42a35251748547ed50a929c003c0f |
| SHA512 | 5c8bd14b3d8a97015203a9b72082df31d911019e831c798f2d8634c8ceda5466e348d14d083a9355472dda2230f7dd9b9e25eac15609a4bff28ffeb3df8f9d57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 703689b2b237701600e128b650c6c7e7 |
| SHA1 | 95107d5c3801c9cfddabd75d8df67cfe4310c954 |
| SHA256 | 256d100a7091af6d6835160728a3d0877c5c9496c8b9c512dd94f00a44ddbc1c |
| SHA512 | d7174e1b8bf355b638286f6d0c1bd1696886f0adb87faadeea3cad6db6488ccd0a9c24ee147a7681b70e672e5b412a2f044493fa9da754d3d0d241243ea43bbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53fc368def161e6f66bf7c14e98d0ecc |
| SHA1 | 44876426cb4917da259c174fef2995e0dee7c3d5 |
| SHA256 | cada70a1e0c4b01ae53a9eb9fcd0725ebd827a9487ba9c9aca4b9d8a181235ce |
| SHA512 | 14388667cc0d3a2068819d8db6ff0176ed3292f5faef804f623789da72827485ce4236666334b0afa1aba719d3751c6e38aa9f9d5a4c805a39523427d76cef5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5b868c074639906fe48b338964ee58f |
| SHA1 | 1d2bc713fb25789739a08d7bd4f31eb1b8e67ab4 |
| SHA256 | b9154036c777be29a219e1c657530f2d65115ee9f11b136475a821cdeba7692c |
| SHA512 | 933d21601687517b64110ed78ca0b7e9b68326b3b4ec787f0f0ece6ebf1f5e18f2f84120d2edd0f4d44c4ce3cefa165d6aa2a39c36835404e50b3d5d5799ab47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e383d806e8ea959a8c1e859fd05685f |
| SHA1 | 1aa1a7096a8ed71673bb62212744e09d75e9265d |
| SHA256 | 565a2ce24979a3146346db834fc8ab312b3fcf769b52eb54abbd931a51d19b08 |
| SHA512 | 1589d54ab5187af654a13054135d08b98f0ab4a8df8cde98887df88c057a9e59c33f7ffa6dd0d2a30f457759a734ea37f69fd87d592ca99be37f4645a18f9203 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9534c7b5743964c49b66f5ddc12a19b3 |
| SHA1 | 14e4b94d1d1486e93a9f36859f2bbacf2a1ce63e |
| SHA256 | 3d386cbd60ee63bab6e92db76a11c85b871ceb628d96e9857569133f511c7fac |
| SHA512 | 8d9de5262822a1acad96ce5876e4340a07e4efc4c504bb24983c8fea007c1eadcdabd4bf5f1707d0e5b1bfcfcff74302524699486f1a8f6a28f3942db4c61fc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 793c458b2f25f906cf851f675a23bd63 |
| SHA1 | c1ac593516cb45fb5fb6d5ff2317ae6b0146f96d |
| SHA256 | 71661e58816404327bb0087c78deb8aff352f7ace38ca62f4a97ee23adbbb9b4 |
| SHA512 | 49748ca56b77808108c1d0625efd7d2592c92ba80730f7d28c9a2d2280de159effdf34a69e6859fdb82cd9796d4962ca1198b95bde05812bb224eb67b10da80a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a45157e84307ac3d08656702d6988cd5 |
| SHA1 | 9d93f61b5c97884fdbce4e65a6acec9ebd70079a |
| SHA256 | 8e2bfc1c4e2ff1297056343b1f0c3a90685494cea7056d6a48af56f9ef002e3d |
| SHA512 | e1d4bb4277badd1ed838c6ed375ef4747358cbf1dbf897597b8c47ad7507d0e370fd8d65d2390263b783370f8c4ee6ea4cdd1c39d0ed6f96e2ccd8dbea548cca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 6dcb3be8fd8a3dbfc959ae23d70b87aa |
| SHA1 | 2a3f30259c4c741ea15595e652f95274749b6f32 |
| SHA256 | b5717b6e9b671f2f135bca31643ddba2434fe87c9cc50b00e9a02120c583d693 |
| SHA512 | 55270081d4de2bf3c358ffe011dd1e8df4ce7ebb26232c353a11866e1ceb0b999c779066f075489bec822e390f1d122dc3262e01ed4d04ba40ae605e82cd8972 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4118c5aa41daf9b9a29c6f2ed2adf8c |
| SHA1 | b1faf4ab28c6e8ffe26b31e88bbb6d4f4ea1d3d9 |
| SHA256 | 7e8acf0a6f6658d8e58edaae6524ed9f4c6a5e44565756dae0f4173cd316a933 |
| SHA512 | 487b3c66542c95516717e5fbb058ac01880c729fdcc30a3b3afef6437c36c75cf83950b63f92eb43e2dc98571c013dc067892fe0a701e9eb494f74a40e9b83be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe42da84e00266503c04e90ffe0bd3a8 |
| SHA1 | 7fc341a15581e1c2fcef605bdc3dc8941feebacf |
| SHA256 | 1f15854ec6df08befa27aad99e42f51eb29ad4c8015d63202ac2912047e618a8 |
| SHA512 | d98202ac120f91c7dc536e9774a6f7f5dc4c89e84a7840365f01d9e7e2c1f1b0baf39c20cdf6386777eecb5cc3712452bb5aebc568fb6ebc182a1f7dcd806d67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3044fa4ad75d0f914c372c158ba47af6 |
| SHA1 | 610473cb3e32e853b5d508783b80f3e5c83a41ac |
| SHA256 | 32db6c4fb82a8aca5fd6b7836e6576d6c7794233ac451e7063613e291cce3f53 |
| SHA512 | 51562bf637fc93c4b4e30c0e069073651cb4dc17d8d722fd013e9a029054297d8ce390417a2089112571db76ce7dfdd45f2db15967f5fb59165c751866753ed8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40a027227e3174e41588aac5504a1684 |
| SHA1 | 25db1f86dc853c0266166c19b83af53ccf33e088 |
| SHA256 | 10398c573be2c1e464af3418d8703e1f825334d021997719f3efe7f773aeccea |
| SHA512 | 597c773ec03ed9c5e3855d358d18f8dc40b4552ccb485a63145d2fc0859d8c1465dd269ea4ba3f7244d478fc0583d94ec3fc1783ffe5647c6ab4ed3622cae4a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9724a7a0b71a5ad8ee492c2cdbd64562 |
| SHA1 | 1e5ead4db4e5148587d48851fe9c38e9c5bc19ce |
| SHA256 | d60cda0c74bec9d2c5a99895675a993cf7503b32becf7eb7ed86de48b32de63e |
| SHA512 | 33bc8b9d8fc2406663c30adc526104a5c03f87e6ee76f61579e642f316123bcea029cd966b55d702903090076fdceb458bd2ed90bc79f511f41843d7d2af923c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c5731f80a543028b3a2900351986272 |
| SHA1 | c5ba0ae09acfd182a0e56a32be51c05b867c7246 |
| SHA256 | 3fe622035dd5065967f2ebb7771f561e51d4d01b2c70df99e4cf4c1fd6667663 |
| SHA512 | 25fdf87c83f0ef2c58e9cd6a74c020a61c3dabc54a65563a8a1da38d6d5e51bc3f4ec835936d6dc19fe2f6899642f1788d7a5aefd700065f67f4a02f497637d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 10b8010ec8c8cd6a4e5c586a8a569f25 |
| SHA1 | cf489a129c17aac816c9efd2736e27e82ae31b37 |
| SHA256 | 3af0db46cc2ff1bed1d39075a00fda7b5109e1c8d4d9dcea986b6960d7cf4dc2 |
| SHA512 | 22b83e76e918762ae3d1734fa6924e2f720825bc91a1071e031ee05da55a25e02ccd70ff8cd28fbe699aac4115353e8d7672fa7a7f0db49b9d4e618b834ce884 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c66363f6750a9a9b3c195c743be54f2 |
| SHA1 | 936bd2d318c43748db02245de9cd11ecb041e14b |
| SHA256 | 5b75a66e2810695d49c970fa4a91e98a086a86d6eaa33cbff761ea3ae4d12062 |
| SHA512 | 489fe65866b956bac4b05ab2b79a49571f4f7beedad174ec96aba4e1fa29f8e0656ce68050a413658ac02f8f39af5e9bad28d98e81734a9461b7c7582cedd0de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9bffa4ca1e09d8669cfbb6af5645416 |
| SHA1 | f7652b2d1586fdea492ad49fc56ac961e6597cc8 |
| SHA256 | 4f98782a0643664d97c2deb7ca29080aa4ef3e6141027bf16a70a2433e38c91e |
| SHA512 | e62bb431798995698493ad03d3267501f70cc9b5d59dd51ac12bc81f9aa8750776e3de7b4687a3255053ee584e8d56d4f40438d39febd0f241ac266177e848e6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 04:57
Reported
2024-06-02 04:59
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cf31e2e42c64ab3daf729bbe34cd7cd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3748 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5936 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6096 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5796 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | lerloy.com | udp |
| US | 8.8.8.8:53 | lerloy.com | udp |
| US | 8.8.8.8:53 | static-eu.payments-amazon.com | udp |
| US | 8.8.8.8:53 | static-eu.payments-amazon.com | udp |
| GB | 18.154.84.89:443 | static-eu.payments-amazon.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 185.230.63.107:443 | lerloy.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.lerloy.com | udp |
| US | 8.8.8.8:53 | www.lerloy.com | udp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 34.149.87.45:443 | www.lerloy.com | tcp |
| US | 8.8.8.8:53 | payments-de.amazon.com | udp |
| US | 8.8.8.8:53 | payments-de.amazon.com | udp |
| US | 34.149.87.45:443 | www.lerloy.com | udp |
| IE | 3.253.183.112:443 | payments-de.amazon.com | tcp |
| US | 8.8.8.8:53 | 89.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.63.230.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.87.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.183.253.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.22:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |