Analysis Overview
SHA256
5928f12631ae9ea1d2985d64923d3e84cabba057d4902ba94d78cbfb2e39df4b
Threat Level: No (potentially) malicious behavior was detected
The file 9107a2b1bf772587f011591362a50132_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:57
Reported
2024-06-03 07:59
Platform
win7-20240508-en
Max time kernel
142s
Max time network
143s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E92673F1-217E-11EF-BB21-6AD47596CE83} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000b1fa123f6bb1eb5057468de0cc13b6d71fcd67a223b4d3a82a977d41d997abd0000000000e8000000002000020000000085c11d1a1cff77eec09b56103dc132708db0245239fe95a44d3f549c9ec0c6420000000a0f7f55b59094f31d8513fab76cc98878e0b840bb208ed7754870c967224029940000000963c235d45235235ee7b1f538e4f87f106065ada6a9e1ffe39babc7f3aa61f48d3d41957cc50bc587dd5ccd6d9ae0996317f3526b48ccbef71eb9bb8da3fb76d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a7f4bd8bb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563310" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1700 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1700 wrote to memory of 2028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9107a2b1bf772587f011591362a50132_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | ww1.pornblogspace.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| DE | 64.190.63.136:80 | ww1.pornblogspace.com | tcp |
| DE | 64.190.63.136:80 | ww1.pornblogspace.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 02a2016facd7c8afd64daa608dd7c98f |
| SHA1 | e11632b6de4674251873cf40b3d6b7a94ca67eab |
| SHA256 | 1fb603f2c17e5d2aa7fc61a0393cdbc420a05c08880adc3efac5fbbd0808c419 |
| SHA512 | c887878e7965aa713a9a3d881ef09a9c785f01bba2207b40611228b09fde8898cc93ce524fae09d59193c1153ab61d50edf64b94764de23f249b9fb486e6ccb3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 1c0b1b0e5f060fc2939aa049fa770af4 |
| SHA1 | 51f7234e0e96eb2426e39254a772cd35df85f707 |
| SHA256 | 64fc1279203c8162a33fbd00987ce4abfffab1ba445afe1231001a9aed9d01f2 |
| SHA512 | 53088505395b79e8bc00aac6d6fdabad4ea5b3fd63423d866d4593940494078733ba1813278094ebddb3541d53e5685caf8bd3e924be51810138e91d85d5dcd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc6cba32acc261295db71a1b7338a41d |
| SHA1 | c11cc2c60fb4758cdf44c14c137ae0b80431ed4b |
| SHA256 | a9bd5beef5cf5f7115dda623bf1cd61297b7b1bc72593f21b5ef54754e20f34e |
| SHA512 | 3d361fd9a055cf7574169def7f153349b129c86ae1226bab2b094dddd44a92e95a17097a2a42a3c26221ffd239cdc1d02c8b0a3b93b93261c52af9dd4146ae75 |
C:\Users\Admin\AppData\Local\Temp\Tar319E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\Local\Temp\Cab319D.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3222.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3aa04c02033b6eedaa03091487cfdb13 |
| SHA1 | f1ed77e2fe89231b85ca5dbe7e00f6955cce736c |
| SHA256 | 0d7f3941b5a5558c599eaceccf21ea36345e3982cf8b83e5061f50110bb508b6 |
| SHA512 | 8f6d433170afb1a308f8d0c4631ff0d775e62f4fada2f1dcbc9078f0859ff9ccb1ae85f870539046ab35577534d4ab0bd4a3a1aa8c218bdceff0382ff54d3a21 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 273ccf51be7d8025e4d94b730d32554e |
| SHA1 | d6342b27bccac18f382187f59ca30d2440f1c6e5 |
| SHA256 | d0dd5b6bf653d0bfa8678225a6fa138cd200088a2778801f5f7babaf07af5ee0 |
| SHA512 | 164cb3471ee974c4b6adbf8d9a5fb2f155e199d8a3274ef92dc6c869a81fce711758c261e20acbeb492c5c49a641345e237ef15dc7aa160b40b0614f78999a7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94968c99dead30642d19afae4c7082a3 |
| SHA1 | 45bce8b6caa64a1dd1c064e37bd573e551c09b9a |
| SHA256 | 6ddd8b1e029885d55ff59839cf37c963964c26fd959d1b9ef886c16b8d8af876 |
| SHA512 | 96a46ea580f218e83ce47916e80e4b985cf632ee9f5ed3ce9bc70965aadb7cfc8a73fd211db372c419b35241d57ad5c30cdd73e647cec9c2e89fe756a9efb99a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 433bb515d80f1fd77202c9548356ca91 |
| SHA1 | 4dcfc6b5f330e402e924f5eb7a6b1dbd3362113d |
| SHA256 | 9db09d32a28ff25d97bbc714cdf5e45dbfa9d1a412569e762e430c7a19fca8d5 |
| SHA512 | a752c9f092f904bd16909f5f7b2924a65ed120069b057b2ba1df9031fea98d314297762e96bb05f977da37ac5f37432fc04c202f47c2bf50b795e996008b0865 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e102c3bdd463e97a06a2f238aa02f4b2 |
| SHA1 | f96c90d03695022a39c7153584ff0e87c52a02cb |
| SHA256 | b5704bf3e64949a9156c4f297353e5b2e36c1bdf4813b2f9576eacf4c4943071 |
| SHA512 | cd0fafb33241e412ec38f58775a455ee5c9d9c9e05bb497e63b1913411b3211c8de6466ef2293aafde8b12b74b099aa6d09460ad6d63a387d3bcb0d87698069a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74430c677d001514520f2a5e02aa47a2 |
| SHA1 | 1406d06d82182f0fbf3dea7a6610ae44b851466a |
| SHA256 | 208852ced142ff836781b1abe0637a4501cff4543e1b14b4e2f5d0187c721096 |
| SHA512 | d849549a7f1ed514b7e95fb67a587de04925f20af5753a5b104d091cc3f36eeb8a241d542d90c9f3f6c62acc0767cff1e25415d63c950d559b092c9ad425d536 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5338fd280eb69c62a05789426376f287 |
| SHA1 | fcbc39446752b715d00e315aa819136eb7139730 |
| SHA256 | 297b494298298f4650dcd5291ee8c628167d1c8c815286dc8deee3a2b84acd69 |
| SHA512 | e5089b23526fc9707dfd8f68faf5851ecc8849b2133e78f845c226d5945bb17c52fb2a5d19a2f330a163104c121283f970123bc3bb2a2df66022c501777f4531 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecbba34430458bfb28a03f30c261a86f |
| SHA1 | ef3ffd8c80aafed905079e79f445ea3b90acce46 |
| SHA256 | ac768ae87d82e5811081c6f89fd68fc16089725bbd7c4610e581d10b2197dbcb |
| SHA512 | 2913c07b1e68ff99a4cc40292bdd92dfb82d181e39da714c9cf14a1aa3261f274762b6ff7ee2059f84ed3f6a82918eb52ad19942353db09b8d2e8db977bd9235 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a789db1c1d83d09c0aa1f532e10f74a |
| SHA1 | 82a74b3dc4283402ba5fca39db8139a6e729f9ee |
| SHA256 | 6f63e93caee199278b92644425a62c4f449b6f6e3fc3cac202b4bc429971a8cb |
| SHA512 | a7f331d1fa5018d1bbbadde442120030b836379be365c19aca54a1d27af08ef4a27fdc5a6e5d5aceb94c98d80fdd4aa20dab41024011087135ad0b2d602c0376 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42fac59ddc8d97c088c5999350c7dc4a |
| SHA1 | 776ac222238ebacae062e1bc7cefd405bc711afa |
| SHA256 | f171bca41bb82e028d551d391046df745db2848662fe8daa97ca804bca8777af |
| SHA512 | d14c0da18564f75426485cff1c347f51fcabab8719c02bd9167e989038c23b558473233f08cc1768de48a58db54fc98314d72fc7a77c84ffa5e0b9bf3779974e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebccc631d356cd9f4b8781f11b1eb20f |
| SHA1 | c5270aeb8ae5854d51f213c0693b34d5094ee7c5 |
| SHA256 | 617c5584731edabc1dc61d7fe1162a347ce08667eef97ddc519670c76826abc8 |
| SHA512 | de77c412187fcf3934162a0417cabdc089702a093bf427ae6ed62d7437cb1c3a18a290747c71d9863516f962e23963a374a4f4b641457037a484980977f59c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8e42340c0a5fbe17340bc9152d7273d |
| SHA1 | e7daab9f98327a14455d699a06750c991b7c3f9a |
| SHA256 | 271123208264b8e3a2ec3781f64dff6740c8e98b4c0a604291017be6b4ecf988 |
| SHA512 | 198210d9af94c2c195e3a3d627d01f0b77647b86aeef87a82a7a2d0c8b636a0ba2a7f8ca7376e56c57474592dd926ab32720515a5d60e76fd3294c31314077ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c14212f173d335b2faf76abfe485aa86 |
| SHA1 | e9533bc706b9285f7553e5d05d1ff602786cfb3f |
| SHA256 | 5265f9268122773523c984814a4c433230125c7cc9cfd70cae33ba6b0c78c5fe |
| SHA512 | ca7b494c08c41e001bd5003e3dc274a5b7adc47686321017efeaad2d67070101a61b3f3e8bcc78ac3de614f943038d767559552bde3da4aded9cb168ca43329f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeb101ba8d4e03cf08ca7e3543bea0da |
| SHA1 | abe994bae9af29e0fe64c233fbd06804fbb387d9 |
| SHA256 | 49a868381ee70f431a610d96b99c50f4c59419c1f2e3d6da04569e8364cf9305 |
| SHA512 | 9c1804288ad6e9cdd406aab0889467deeb3bf8d5f917a6613d28ec364bda89756b7cbc5e90b1ee0751b0833a3836723371261999bcdb1638e76bd485066d5e2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3413bc1da77d73162dae9fd7e55f82c1 |
| SHA1 | 00aa36d221711921d71a631d0007aac0c2ec91aa |
| SHA256 | d473cf8b14a48407f71ac5cd40e7006c607b8f7b5c9e6a24c35f3843fe6ea5b7 |
| SHA512 | 7d855c01f55305c8aa431b0713b26d94be81a1e6d311ff524c019d66d7aeb5713bf009ba9cba7ba9dd4ddcf91e91aceaed995947a9e6b635f34468e1634a29fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10e7ab6c5571b59ed310eeae7420a493 |
| SHA1 | 7efaf566595ba3df5023d99fdd4646df64834c0e |
| SHA256 | ea05539596cd316ff34ff1187657900339dd0bed4682d2e1d2aec22d3c2ccfc1 |
| SHA512 | d28841f2fae097f49b02883a28cb4dc267ea725a86ed9ba473866a28d00262b340978f4114cbbb16554f01785f3e52a838625902eac2ff7ecf0866a0ef2f346e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f090725d2f7efba056e1b33d4f90579d |
| SHA1 | 8c5433e29c4c9be37edb23907417e78d4948ba10 |
| SHA256 | dbf2a7d7e8ba8bea359c922eb9af883eef7e085c15be026564e9fea9b187f70a |
| SHA512 | 66dbdf028312125218585247d38378f696b7a5600e474a6a59c7ff3de07ee1aaf3c9350219c3e0db617b2fa231b428a1d1a5b20d7975414d642423a040311cb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a83fa8231beff0c7dc58c919bfb8b7eb |
| SHA1 | db20f15f138b66832eb046f04111680117a76032 |
| SHA256 | 34f37ca6ab6fb57226b0e125df00633ed5b2e6ae898710c5e97e8ed1b267239f |
| SHA512 | 030e2c5c4c38e73b81001b55df1dc943863ef98eff4462c37e33ed79965991fc05a157d63a30d602944617275f7ef1d26facdfb1f7ebef3059a6df0517cd0af0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87fb659cabb09673b557d067c76a8a01 |
| SHA1 | d0b3e003c98c63b008a7e0482bc18f1b8ebbfcb1 |
| SHA256 | a609cbfacb637f33974dbcd0ff861ea3bceee4e78b3979f09862c1dc2e010785 |
| SHA512 | fab03015354b024d4f9be8fa8fe6c039c840d28e2bbae7aa1d989aec601d88a88c062aa3fdff2ff3c966ba4d10af939f8852973d893c38a63fe4facdbfd1faa4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:57
Reported
2024-06-03 08:00
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9107a2b1bf772587f011591362a50132_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5328 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3908 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3540 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5308 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5892 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5960 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2064 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.134:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | ww1.pornblogspace.com | udp |
| US | 8.8.8.8:53 | ww1.pornblogspace.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| DE | 64.190.63.136:80 | ww1.pornblogspace.com | tcp |
| DE | 64.190.63.136:80 | ww1.pornblogspace.com | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 12.179.89.13.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.229.138.52.in-addr.arpa | udp |