Analysis Overview
SHA256
60fbeb20151b404f33c004b6d86b518f84892f2c0ff8887191b4bc49fe284e27
Threat Level: No (potentially) malicious behavior was detected
The file 90fdfd028b89fd186889a59a250d1a2f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:47
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562576" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000001045498db99a224a9480665af6b74c1ab23e7e7d9f0788942f55d73b7c82015000000000e8000000002000020000000a1ac6612811fc02e68fdb9194f3f557f411a181a0f5031ade9d9ca0f84b9514420000000b7b377c22218d9ae946ad9e95598d81261911a9012af14677fa594b570c9fc8540000000d7f57196ed7f652252ff26e2efa505cc2d6a71fd0c6c768a87e2e7cc876fc253a5a0d39d172e466f00c52b4eae230a6d38ca8b517460f7fb47d20ba8f3754eff | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f073c00a8ab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{33A9A071-217D-11EF-8C71-D684AC6A5058} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2208 wrote to memory of 2132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2208 wrote to memory of 2132 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ouurt\index.htm
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pmi.peoplemedia.com | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab458B.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab45EB.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4600.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 878b78f2b7a7eee21f6882ed2109a595 |
| SHA1 | 24b0ebe0b459b064c41cdc072c989f6dc25c9e4b |
| SHA256 | 59b5c888b99cd10c3cb4504fa00f1608f494d866d312f501971ba5192bd8038d |
| SHA512 | 694593c4558b14eef6f5780dde7f04a377d5db5d786b60d34133a8e6e59ba23bd31124207207ff5a00cf6d275f5527c80a5e8f2b70fb3179c23bd0cdd24bbe76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 623ab318dbf3ef4ccf6ffd2dcdae7c6b |
| SHA1 | 7f2212b5e98a306dd56822d5c6e53806301677cf |
| SHA256 | 7f0de0bb7eb7450a44b6113ed08fd75f16ae801d20db46f22ac469ec8e441728 |
| SHA512 | 484ef757c16a9e09473eebe3729f83eb76bb499c4ddbfd461b5c5e2472d3c49d47e77c3e10b5cecae57d60e65afbec6299c3a24065c198e14c35cc91330de68d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c01853ad2dd62fb6ed849c8c64f032f9 |
| SHA1 | 5982599050f8772f545c464850a39af887d8a72f |
| SHA256 | 829a95bc3c794523cbb00dcd71fb4077b1392d6b09d9cac1f8c64f723d36b76a |
| SHA512 | 39b9606c8b52e684b32769512610561d6c18ff50b75ac1697e3f194a31bd6df686165ec17c99615d6d9b392f56ec1c7400d022ea46774d7b96a76b0300609c7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 848ee0d8fc1b05aa49ab2f3f3124e2e3 |
| SHA1 | e8ffe2408100e886e36e42bb6a4b28c1f9d51dde |
| SHA256 | bf6f4a2a1e0bbf710b782116d13b7f735152fb628610cde81065a9cfaaec39b7 |
| SHA512 | 79ff7022ef49b2d586fc751854e4b7dc147c10547d1efa43cd5ba349f60542b601e01e91478bd4189412ef751a31ee6ef1c9d05f01d6ea5711d77bb4ca26ac0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2adb8acdd183918757407b5c4a7a9d4e |
| SHA1 | 1a2b015dd1e2d39e5c752ff2af360fe021c75476 |
| SHA256 | 16c73d50c0b5a675de18c3e569f8e609e451fd6811e9450740c7d14af8a09a23 |
| SHA512 | c1d4d7603be02074a5efb85c83811618bec7aa66c9d65627803ead5328cc7f09f27390dd54821867e1cb9093c924ab2ec856234edbad792b001e25b61b7fa67a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7d75500e957e8015dc1c3c12d090e5a |
| SHA1 | 66ef649a3f52ba34a7a7401139dc2109e464829f |
| SHA256 | 07ab67bb2ffb1931b4dbe0ea3fc62a86af9650f7c44b55e611cdf5686ab46d69 |
| SHA512 | aedfdf38f65f01a34dde9d28d3b883587872a36bf3873e68ef5ef92c17324f11c984bc199e1b977cee09159f345f0eb11467e4a63e4e95ce7cec8f3b6abb7742 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11d491d5bc6e3a86737be91d6bc0dda3 |
| SHA1 | 203dcf53ee8a74d2c7941461ebf7f27192cb40b0 |
| SHA256 | db96e86c8392f8956eb245b93ba681ac61c5ee5a324cf4f7aea6f758d5bacc65 |
| SHA512 | f10b8304c17972beda0b0760c7f8a39d009960de1d7751b3edc631812cc86d3d1e02d8e8f74624d16950e25bc9f1fdfe4e18439bb5ff9c6ba610b99195da094d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb2087b5ee6e88a68899a7503c6fd290 |
| SHA1 | 9bc1f9ff0b96fc9f1063ee0c2f9c5088a8827f03 |
| SHA256 | a9198c4ee61234d669b4e25fa6ba46a7e19a7fcc4c5f46c8fcbfffbab4be1303 |
| SHA512 | 6f482a84a003ddc68f19cf9c1995c97b5207986bcbfae2ec00d6c0658f6f0f68474a50ae4e3b06c0b478129050551719a254d7fc6997d61f4b797d0578fc4d6a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7edac4d47d5919bc3517e48437c674d8 |
| SHA1 | d57672af0f8d97b9fd88ccdffb1c10e3d6921714 |
| SHA256 | 026e21dcf212ec857fe479cc131a45e673eb7979c22a226d4ae884c8c0c5c2aa |
| SHA512 | 4100a0e7b01c7617a452fa13f18a469917b96dfab70ee83202279237ab8054c38f913ef1184cbeada940874cdeb8486da965126cbec8316c2a77eb49eaabc9b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fe881a65891c5418018f77e4722fb14 |
| SHA1 | 00b47f5b4a5abb6ef38525a738f914e61177d0bc |
| SHA256 | 2b35e7ab56f7c85840711363e997f41d26430972591219b7b299e4e186e1d218 |
| SHA512 | 6d85dd6ed393864fb225a892b515f0641239549215768c3cc497907f526d180c40df8eef7e006a69c5b31fdfd1cfb444e57d0477449e635be08f661251a63c10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 566131743db6a590faa8438f3e65ddee |
| SHA1 | 3148d690262a58a6f8cb185129c1255ad1524a09 |
| SHA256 | f9ea88ff7c78a669915bc227dda255c64d092056b94394dafa51cb5b9b10c2d2 |
| SHA512 | a1cc3f923914daa068e5a0860a4b75a3d42189f08f39ae247ac23c24650c603801f5ba9a985bc1ac9f6b1dd52c994ea32049d49b85d4a37bf4492c322473d866 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3232e21ba4b05d9470a2df7c25a888c0 |
| SHA1 | 3e35f07cc192af4896c07efeac3a108b9d12055b |
| SHA256 | 846ef869f3943102bddd9bdca494198c49002e4ec67bf4c2d52d261f8d69a952 |
| SHA512 | 21a0ea6384ab705bea7190513c297bcd7dba7b680d4e3beff42dafb56a87702630a38c0d3b398d41e57c97d21b7789fc2ae6a5158702dea48bed5c3b299d5283 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1c816a724c545938b54a3cdcec8e831 |
| SHA1 | f715580c28d8e7b76d99a7400936c90b072d34d2 |
| SHA256 | 70813560da0e966f8df9a439e94947dc3b10b6cdffda776c4f118c88823c27af |
| SHA512 | 75b880cff15c2a780decc8b4e75bdc58d6d75bb6e338799c35378c512334aa0bfc21fac09948daa87a2d345c7d90746bd331dad3b26c313dc2c148bee4cfae3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cea186bc122ed63045dbf90db390d6dc |
| SHA1 | 05b4a1d8efc88311e8eee303430104887249d3dc |
| SHA256 | 87b8274d7101445e1ab3f5ed113357575b3f6081c009a72ee4802c533bcc3d15 |
| SHA512 | 751336076f9546dba6fd20984f504f9d38a133cde3e2725c7840fa62250e1b3c9a0f893d25771faad43ecaea1e8cb1f8b2104daa3610438b127fc6de3e671d4a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5265c1f1acd1d044d349e3414160a3b4 |
| SHA1 | d49ce22e2c922ce7f3a4d068b98d3efb2c9c0653 |
| SHA256 | 17154f2399692780a13453d6a35ff457aafd76b32330911c609555937168fdb3 |
| SHA512 | 9adf99977eb0ebb68626b2fa0539881ddcd676a5f9a7b5052749cae009fb03cf3060d78add5d475584b35953bb9b894de0070b6b9ef55dea63bdd727ef6510ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8f24266ea2a5e28dc132e9ee89f6251 |
| SHA1 | 3d8d8abf7ea8ae6e0ebcf539ad08e0e5ae013143 |
| SHA256 | a05fc3d0a127f50a796e639467eb96c70db643562ce370a254ab8d867a1a5ae6 |
| SHA512 | 2d24b7be679791662d3fd3c362ff4dfa71c88ca849e3cca53c1693f277156b4ee86f838110390d2706d69a56b7b7f9b3bcdb9026d25e9451ab00a291b84dc6f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca84628fa6c556f8bfd6224be42d9eca |
| SHA1 | e353a73d174ee05181211ca936cdd36e6da2d4ba |
| SHA256 | 02d4bcc3933696f42b983fd7a0dba24132c0c34e5b88c87dd3b31e55dd6a443a |
| SHA512 | 7d27db12f3003b9832ae14058cdc6a9a9dc2b75ccaf703bfc41245b1d174a1db066fbae595289fff8ea7cdc7caa51ac036374be8fa8b3715d5bf4be75c42616f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a55233d07672c9d33361e420c6aff629 |
| SHA1 | 159da0ca851b4554b2f1343579f4a5f0091caa71 |
| SHA256 | 5549edb20158492c37badc35c79319cb03d0bdd4ea1dce148f25d7189cffb877 |
| SHA512 | edced4e70d6f893ac59d57562edd3368f16bd7d352639c20952115d656980362e7ef761c69276a43a8a578ce3d1f301d536046b3020467c586af5b677f04402f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce788941702a1970d7e167422f4f156f |
| SHA1 | d673ed26b2c744f81f0c774158ef5160bdf03367 |
| SHA256 | c1809b544c202c72f6bab8b85dea76a944b59f8bd8c08c6ad6a9557879b5a27a |
| SHA512 | 8cfb83b491d3606cc0359b81e5aaed2caf8df143b643d191aa9caaabb6227d7d9c8f146b36f70f5817e4e00ceb284885a6d2adc225fd7a2c032406be97ba9a64 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:47
Platform
win10v2004-20240226-en
Max time kernel
138s
Max time network
146s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ouurt\index.htm
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1344 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3928 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5112 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | pmi.peoplemedia.com | udp |
| US | 8.8.8.8:53 | pmi.peoplemedia.com | udp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| SE | 88.221.27.82:80 | pmi.peoplemedia.com | tcp |
| US | 8.8.8.8:53 | 82.27.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.134:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.22:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.65.42.20.in-addr.arpa | udp |