Analysis Overview
SHA256
b24d0f0845119b8cbff2706941efe9fca7abbde78704330ca5fa3fa98ae6fa9d
Threat Level: No (potentially) malicious behavior was detected
The sample 911043424632f443dec6f44b5043d22b_JaffaCakes118 is an .html file (see the behavioral1 command line); neither detonation produced (potentially) malicious behavior.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:08
Reported
2024-06-03 08:11
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f1e05d8db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b4df00bfbd04a9e52a552b12c5ef5cb388c8d410e90c4c8e5feeaebbb3ccd80f000000000e8000000002000020000000a04f5b547f68136004754556fb9ef498986244832a85ae2c9b6589301989379020000000c88f4f570c148fbbd16177cf1a41e6b8a72d4236fca998e7ad6e26347809b924400000005f361a5f9253d715f031ad4ce9e68a5c3b9faf7931f3ac1f05f21afee77f4d35ee8921f367e15743278b8046efc341ea7bad67e5d335f2b7add8689813fcc915 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423564002" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85A14561-2180-11EF-BA28-C2931B856BB4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
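The "Modifies Internet Explorer settings" signature fires on every IE launch, so the table above needs triage rather than a verdict. The script below is an added example, not code from the sandbox vendor: it parses the pasted rows, strips the user SID, and sorts each change into "housekeeping" (session state IE rewrites on its own), "hijack-relevant" (start page, search provider, proxy and zone values) or "review". The pattern lists are assumptions chosen for the example; the last sample row (a Start Page write from a Temp executable) is constructed to exercise the positive branch and does not appear in this report. On the report's own rows every change lands in the housekeeping bucket.

```python
"""Triage of a sandbox 'Modifies Internet Explorer settings' signature (added example)."""
import re
from collections import Counter

# Value paths a browser hijacker changes. Assumed list for this example,
# relative to Software\Microsoft\, matched case-insensitively.
HIJACK_PATTERNS = [
    r"Internet Explorer\\Main\\Start Page$",
    r"Internet Explorer\\Main\\Default_Page_URL$",
    r"Internet Explorer\\Main\\Search Page$",
    r"Internet Explorer\\SearchScopes\\DefaultScope$",
    r"Internet Explorer\\SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$",
    r"Windows\\CurrentVersion\\Internet Settings\\Proxy(Server|Enable)$",
    r"Windows\\CurrentVersion\\Internet Settings\\Zones\\\d\\",
]

# Subtrees iexplore.exe rewrites during a normal launch; noise for triage.
HOUSEKEEPING_PREFIXES = (
    r"Internet Explorer\TabbedBrowsing",
    r"Internet Explorer\Recovery",
    r"Internet Explorer\DomainSuggestion",
    r"Internet Explorer\SearchScopes\DownloadRetries",
    r"Internet Explorer\Main\FullScreen",
    r"Internet Explorer\Main\Window_Placement",
    r"Internet Explorer\Main\WindowsSearch",
    r"Internet Explorer\Main\CompatibilityFlags",
)

KEY_RE = re.compile(
    r"^\\REGISTRY\\(?:USER\\S-1-5-[\d-]+|MACHINE)\\Software\\Microsoft\\(?P<rel>.+)$",
    re.IGNORECASE,
)

# Rows copied from the behavioral1 table above plus one CONSTRUCTED row
# (Start Page) that is not in the report and only exercises the hijack branch.
SAMPLE_TABLE = r"""
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423564002" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85A14561-2180-11EF-BA28-C2931B856BB4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\constructed.exe | N/A |
"""


def parse_row(line):
    """Split one '| op | indicator | process | target |' row; None for non-data lines."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Description":
        return None
    op, indicator, process, target = cells
    path, _, value = indicator.partition(" = ")
    m = KEY_RE.match(path)
    rel = m.group("rel") if m else path          # keep unknown hives verbatim
    return {"op": op, "rel": rel, "value": value, "process": process, "target": target}


def classify(row):
    rel, op = row["rel"], row["op"]
    if any(re.search(p, rel, re.IGNORECASE) for p in HIJACK_PATTERNS):
        return "hijack-relevant"
    if rel.lower().startswith(tuple(p.lower() for p in HOUSEKEEPING_PREFIXES)):
        return "housekeeping"
    if op.startswith("Key created"):
        # An empty key sets no policy by itself; the value writes under it are
        # what get classified.
        return "housekeeping"
    return "review"


def triage(table_text):
    """Return ([(bucket, op, rel, value), ...], Counter of buckets) for a pasted table."""
    results = []
    for line in table_text.splitlines():
        row = parse_row(line)
        if row:
            results.append((classify(row), row["op"], row["rel"], row["value"]))
    return results, Counter(cat for cat, *_ in results)


if __name__ == "__main__":
    results, counts = triage(SAMPLE_TABLE)
    for cat, op, rel, value in results:
        print(f"{cat:16s} {op:18s} {rel}" + (f" = {value}" if value else ""))
    print(dict(counts))
```

Only "Set value" operations can change a policy, which is why a bare "Key created" under an otherwise unknown path is treated as noise; extend HIJACK_PATTERNS if your environment cares about additional keys such as BHO or extension registrations.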
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\911043424632f443dec6f44b5043d22b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
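The four "PID 1700 wrote to memory of 2204" rows pair the 64-bit iexplore.exe frame process with the 32-bit IEXPLORE.EXE it launched, and the child's command line carries SCODEF:1700, the PID of the frame process that started it. A frame process writing into a tab process whose SCODEF names that same PID is IE's own tab startup, not injection. The script below is an added example, not the sandbox vendor's code: it correlates the WriteProcessMemory rows with the process list and returns "expected" for the frame/tab pairing and "escalate" for anything else. The report does not print a PID next to each command line, so the check matches on image path plus SCODEF, a limitation noted in the code. The svchost.exe row in the sample is constructed to exercise the escalate branch and is not in this report.

```python
"""Correlate a sandbox WriteProcessMemory signature with the process tree (added example)."""
import re
from collections import Counter, defaultdict

IE_IMAGE = "iexplore.exe"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")

# Copied from the behavioral1 'Processes' block above: image path, then command line.
PROCESS_LIST = r"""
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\911043424632f443dec6f44b5043d22b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
"""

# The four report rows plus one CONSTRUCTED row (svchost.exe target) that is
# not in the report and only exercises the escalate branch.
WPM_TABLE = r"""
| Description | Indicator | Process | Target |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2204 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 3100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\svchost.exe |
"""


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_process_list(text):
    """Map lower-cased image path -> list of command lines seen for it."""
    lines = [l for l in text.splitlines() if l.strip()]
    cmdlines = defaultdict(list)
    for image, cmd in zip(lines[0::2], lines[1::2]):
        cmdlines[image.strip().lower()].append(cmd.strip())
    return cmdlines


def parse_wpm_table(text):
    """Rows '| PID a wrote to memory of b | N/A | writer image | target image |'."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        m = WPM_RE.match(cells[0])
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return rows


def assess(wpm_text, process_text):
    """Return {(writer_pid, target_pid): {'count': n, 'verdict': 'expected'|'escalate'}}."""
    procs = parse_process_list(process_text)
    counts = Counter(parse_wpm_table(wpm_text))
    out = {}
    for (wpid, tpid, wimg, timg), n in counts.items():
        # Frame PIDs named by SCODEF in any command line of the target image.
        # Limitation: the report ties no PID to a command line, so a second
        # IEXPLORE.EXE launched with a forged SCODEF:1700 would also pass.
        frame_pids = {int(p) for cmd in procs.get(timg.lower(), [])
                      for p in SCODEF_RE.findall(cmd)}
        if basename(wimg) == IE_IMAGE and basename(timg) == IE_IMAGE and wpid in frame_pids:
            verdict = "expected"    # frame process initialising its own tab process
        else:
            verdict = "escalate"    # cross-process write outside the IE frame/tab pairing
        out[(wpid, tpid)] = {"count": n, "verdict": verdict}
    return out


if __name__ == "__main__":
    for (wpid, tpid), r in sorted(assess(WPM_TABLE, PROCESS_LIST).items()):
        print(f"{wpid} -> {tpid}: {r['count']} write(s), {r['verdict']}")
```

The same pairing test carries over to the SetWindowsHookEx rows: hooks installed by the frame and tab processes into each other are part of the same IE plumbing, while a hook from either into a non-IE process would need the same "escalate" treatment.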
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 8.8.8.8:53 | jesusmints.com | udp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | ad79d92de5488b7c99db9c491d28889f |
| SHA1 | adec9a6920309164e650d0758f1db21f9dbc0373 |
| SHA256 | b87f97aa7c6f2480370de42b943c0c28651e198bfc7af4040d59c4c6f4aefd2e |
| SHA512 | 7f4fbb3e9210e55542772338b26bc3dfb41b3f3e9f2f9e8472ae77f10ff5500563a5a4dc30ff685ca5b8d61f852545b8f15a52f53bbe8fabbfddb41b51f7e15d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6D6296A5AFA455307176976F531B31D4
| MD5 | 3a0bef22f52367a540fc87c2f64a819f |
| SHA1 | c620d5e32400883ef0315cceecce71a7f036f5f9 |
| SHA256 | cfd5b949b53fa973152777c6cbe2638a1215e0f0f706c9271b6d69095e137900 |
| SHA512 | c7468854c103354bb753438b74e160fd9d9b9980000cc354bb5f1897f77f791a9d46d3870f642e4c498760f02163f2e7b03514dd310d2531e27e769ff5f421b4 |
C:\Users\Admin\AppData\Local\Temp\Cab2FAA.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar306C.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 458118ec337fd035b43d911781f78d10 |
| SHA1 | 158178bb3bfc42fe664ec916f6a7e3fa3f6a9c7d |
| SHA256 | e5884b5f073e09ed454b22ff5cf3914297b53960793b10d08bdcd0521e5edf09 |
| SHA512 | d1087c19a0c92d93ea91b51dca3784105d018dccedd32c6b4451ae3a1bfadd92d0f40b5b6c791a6f119b21dcd6a72174ce438a5242262edfe506fe4c3567a237 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1482f7f578b29214aba9860a5d5d3599 |
| SHA1 | 80bc8609f123a38bdbfc7333da373122d0d8fa68 |
| SHA256 | 218533d6b5d32e6180ee9e36100b4cbefca68ac4fc9488a0de3732575cba28cb |
| SHA512 | c000ae7a713a98003805dbfa60443a3beb308556265e2ce3f5a6324104c7dd390d55ef95f8109e1adaf7bd5bb531866e2037a4db5f165cd09f750f740f4ad688 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 899370fa2d434fe87d5eeae1b2435108 |
| SHA1 | a79e984b19887c034c0fc3bc90a63b673f31f355 |
| SHA256 | 6844f63a41999415b5f1f155dadafc8a375cff23152850e9f899c2cd2ea5c743 |
| SHA512 | 7cd35f75df5f94e88712b1a5cb35bdaef54e7cb778f40202042ecb6d31b6de945fe79d944bd4e775a93bd2221f887700515041de48a5c7654e393d63bd477847 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 183c2fcd18df3f4b247979167c644418 |
| SHA1 | 83ace39d146d22973f7b62824c60a7d8056e6062 |
| SHA256 | 763f9a4ae9fb03b6a2b32b4abe4717930ef3cae91633e0fae2fcc06cfed8e51e |
| SHA512 | 488ff48fd9521a026091237480b891cd187f9ae868742b2c9a37a09d56779030c522e8e11b772bd534b7bf3f69a60072545bd6671e534c226f315b18c6f7400a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 897235b882301722f94af32b6e550240 |
| SHA1 | a5f554bedd5e4e14fc6b29e813af55891e11e9d9 |
| SHA256 | 0adbfa4992820f9ff812a3dbc51e128c3849f3eda45f7dd79ed3a1743863ab65 |
| SHA512 | cfb48c6d20937cfcfa2fada718602657e96c998743e26a89704d1595f5d09ed2950f7cff8bb7f13e7be3e652097fa09eb3c1bf52f6fc63b3a200a339a25d6169 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2e48eecff71a9c75b6af94ba4b928fb |
| SHA1 | 9a1be082c5690c705e5a158e6d01aa0127920aab |
| SHA256 | bd07eb5f8f88304fda0ab17175cc559d981332e8ad17d5766a283f3ad9976df9 |
| SHA512 | 87c63aa2d27544b43ba7763900baec4d6d36cffaefab9e7b274b4c9f767f79b57ac2bebba5240daba7b045ce9e1714407210b5cdb210e5b41bd7701a7d31be7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09d9abb0e9febf48f36720f1f29d4393 |
| SHA1 | 139959a96a9309fec04b2be7846315cdf461d45e |
| SHA256 | 0b76b2c775ebd0f5eff989e0c850f88f183652f38d7bfbe9137ab5a6f9f6680e |
| SHA512 | 59410cee0dfa2eb972f0d51706705756a84fe18b9fe172570d92b84c19bce28252460e68f436f76a6d8e2160fe5b852b5943e5dee7724d8c6e27786288f915a6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2912087ccb5ade1b402216939ade785d |
| SHA1 | 9194582b7c72b11ac3bc47bc91ae95198ebcf465 |
| SHA256 | 4a315ec564590407565475c0241f8acb4097783393b27c500fd33af3a7aea67d |
| SHA512 | 097dea30373eb16db0c1540e341cac2e4dbec432c7a971e39d790ad7a7ba5acf1f6437c29c29ae0480564730f09fba7e466f00790785dff6f7245acbd718d893 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e55463abe1e30b724b8ef45083c26063 |
| SHA1 | 4f6a8dd8fcf603abdff494a1538aaa6f7a9a8f15 |
| SHA256 | fdcf2aebdc18b4870c4e2e936e1cc85fb2daf2e3ae8bfe28cb4dd238d7da914f |
| SHA512 | f90a417a721c0f7d94a19ccd2390cc0aa03c56d30505343d85809b04eeafe551a52cd9a81d801422b2d12329aa6d050342cb311c8510c2d430303ef8fdaeca55 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2adc17a27a6e213344811a58e082908 |
| SHA1 | 5f6ecdf0f7cbbd50ec684a4c3e91ee5a469e4fd5 |
| SHA256 | 956a115020f3b4c475d67b9279ce6a62cf3c167704f7c6e66bdaa4e028551587 |
| SHA512 | def8268345b47634a4584fbe239e341a45a36f4a72ac660ba7704cf1df8e4924425d5df0dba86b2d8ca9e6fcfc0aa0cb3daff33676326f4a96c2cc8fa4f59c00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7134b54f601c8dd76fec2bd05d0233db |
| SHA1 | 6773076572cd05a5b0271e9737891915027a222f |
| SHA256 | 698f8bcc160c045a62e525f649d9af6b8f5ed10effe43e81808abb6a99ec4430 |
| SHA512 | bde784f8ed5e1140de7cb1a306230c7574bdcc8bb0622f2be176f73ad3ff2021dc1aceae842e700278abda9b2e1b046a5bfef8f6c12fa1c09cfe007d36257b17 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 336368205fc544bf686ec1571f427aa4 |
| SHA1 | 89ce4ce5b7a10570001cad03c823258b99386d71 |
| SHA256 | 9a05aceff19b62d6d1bfcce4eb7c677bbb185a757ac081b4edf0e828c6301203 |
| SHA512 | 9c36130a1b155fd6d21b2e2c22dda786e86266863a17a0744874dca8d37e96a63d955951160366bb61f8a8996ce1a2b7c0d02a9310240d86dea5d315a351ff44 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:08
Reported
2024-06-03 08:11
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\911043424632f443dec6f44b5043d22b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4992 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5404 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4756 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5980 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6132 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.133:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 45.87.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 13.107.246.64:443 | | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
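Both network tables (behavioral1 under IE, behavioral2 under Edge) mix the page's own traffic to www.natuurlijkgaaf.nl with browser telemetry, DNS to 8.8.8.8, reverse lookups and local multicast. Two behavioral2 rows stand out: 163.70.151.21:445 and 163.70.151.21:139 (connect.facebook.net), SMB and NetBIOS ports on a public address reached during a browser detonation. The report gives no payload for them, so the script below only surfaces such rows for the analyst. It is an added example, not the sandbox vendor's code: it parses the '| Country | Destination | Domain | Proto |' rows, tolerates rows whose empty Domain cell shifted the protocol one column left, buckets each connection and flags SMB/NetBIOS or other unexpected ports. The sample table is a constructed subset of the rows above and the bucket rules are assumptions for the example.

```python
"""Summarize a sandbox network table and flag connections that need a look (added example)."""
import ipaddress
from collections import Counter

# CONSTRUCTED subset of the behavioral1/behavioral2 rows above, including the
# two rows with an empty Domain cell and the 445/139 connections.
SAMPLE_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.natuurlijkgaaf.nl | udp |
| US | 34.149.87.45:80 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | tcp |
| US | 34.149.87.45:443 | www.natuurlijkgaaf.nl | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 13.107.246.64:443 | tcp | |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
"""


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain          # empty Domain shifted Proto left
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def categorize(r):
    """Assumed buckets: DNS, reverse DNS, mDNS, SMB, QUIC, web, anything else."""
    ip = ipaddress.ip_address(r["ip"])
    if r["proto"] == "udp" and r["port"] == 53:
        return "dns-reverse" if r["domain"].endswith(".in-addr.arpa") else "dns"
    if r["proto"] == "udp" and r["port"] == 5353 and ip.is_multicast:
        return "mdns-local"
    if r["port"] in (139, 445):
        return "smb-lan" if ip.is_private else "smb-to-internet"
    if r["proto"] == "udp" and r["port"] == 443:
        return "quic"                            # HTTP/3, normal for Edge
    if r["proto"] == "tcp" and r["port"] in (80, 443):
        return "web"
    return "unusual-port"


def summarize(text):
    """Return (Counter keyed by (bucket, name, ip, port, proto), sorted flagged keys)."""
    counts = Counter()
    for r in parse_rows(text):
        counts[(categorize(r), r["domain"] or r["ip"], r["ip"], r["port"], r["proto"])] += 1
    flagged = sorted(k for k in counts if k[0] in ("smb-to-internet", "unusual-port"))
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE_TABLE)
    for key, n in sorted(counts.items()):
        print(f"{n:3d}  {key[0]:16s} {key[1]} -> {key[2]}:{key[3]}/{key[4]}")
    print("flagged:", flagged)
```

Reverse lookups (in-addr.arpa) and the mDNS row are sandbox and Edge background noise and get their own buckets so they do not hide the two SMB rows; compare the flagged destinations against the HTML the sample loaded before drawing any conclusion, since the report itself records only the connection attempts.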