Analysis Overview
SHA256
11b980a64ece94e9480aea935d48f1bce23773fad8cdf855c406c73c5a6dacf7
Threat Level: No (potentially) malicious behavior was detected
The file 910ab2dc5e6f24d027c9276ef14ef19f_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:04
Platform
win7-20231129-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563596" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000554dfe0178af2b439b5624c503d3022a00000000020000000000106600000001000020000000ff619b26bf475ecd9926a13e443788dade240d1ebf58fed580327a658eb30476000000000e8000000002000020000000a0f3095a6c0641ae4ed8a32bdd64d5219a6c6d8524b49e9a898c1bfb87b4e9bc20000000c8dddf8b58244cbafb7d782c8348127c54f4a0ec2cb0468762077a416699dd7740000000c407bda2ae2555a55d5421cb086efd8acc13b737b9adc8ae83b641d59020678ff74f6e9e4e2b82f468d77a42cc9ecb12f575e1ecf3ae72a75a5bb84068c71530 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93070241-217F-11EF-910D-CE7E212FECBD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60e4c1678cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2244 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2244 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910ab2dc5e6f24d027c9276ef14ef19f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2244 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.96:80 | www.bing.com | tcp |
| NL | 23.62.61.96:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar28CB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10b8e5a2e6837e7c1e4a4393e0d40075 |
| SHA1 | 30c4d2d53e49bcc873cb1ac201b1be66a7872d56 |
| SHA256 | eb5c799f5efd95b836a7500360765e23b7814d81a767c84cffdc261ac6a7b554 |
| SHA512 | 09510270f973d9d4c6c7844728395743ef221b68b4a3144ecf5451a207fe6a75d434f80a1924847a21421cbf0ff6ceae0a4842f9616b72af86ded7a340bc0964 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 052dc2820203eb8ee550f19828e3689e |
| SHA1 | c5b486e886420dfd4df7f40705b11687caf5c5eb |
| SHA256 | d4cbe4d5c2b9ec6c4d58f90bd1038b8aa31e41063bc327ebbdd57a020220006c |
| SHA512 | b9f4bd4724187a96b2b5b68433de0c37cbe3d72abbf507042f572f6652d5ba74b7f6b30bcf42a64da92e165e4fea047395d1cc66bd07245b211d1ac63f0bd4db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 2e9ee6abd62bf2de1748098e03becef9 |
| SHA1 | f6815a2672193c4bb39099857e301ba96f35395e |
| SHA256 | b5ccd22d2246a2623d5b6fef8c5aeace45ce9141b8548ffc4805ca6cd8b25964 |
| SHA512 | 3d6dd440bb600718462b5219245ffc973ba6dd750daae1ef77e1bbc6ce3ebfdf627c700650b2775b0c988ca647c0b9ea8f51266e872d28ac5ac4246abe8cb3c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc704998286cdc40e6f3d66230ee7f6c |
| SHA1 | 32558fb19e4b877dcc64abeffc1df6763acc51ea |
| SHA256 | 838e718359ceef8437915c323a57bb43a429f1aef0ae9b3dc8ef8530304b158c |
| SHA512 | 21d5a91474db7fa8a91612ece70a85cb551276f77791c464a792fad62f9e40307799dae1a4c4ed3b135e268e45b571853f05ba2bfad51081cc8aa09a8fcb3edd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71b79864b2b0ce0902cd52e9cc185732 |
| SHA1 | 24be039debfb210968511b8e8f3a5c9e8b6bd025 |
| SHA256 | 90b9987002256f240dc258381ccd6bd09164636528e2ed23a61fc5e72eb20d5f |
| SHA512 | 24ca5a886c66f76fc5995f6f5593138d647e12a5b2099e500b83286fcdc7e1a2dcbb28b74689d12a413107b13e9bcd8bc56b56ca44b829b14fb21ea033afa72e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14ae5fd77b203cbcc5eaf13465a92c23 |
| SHA1 | 602fc5cf968e9bd991399168810a7407e68321e1 |
| SHA256 | 0b3d5549729459aaa76cf5725b6a8d4e9f0b2d2015e9f98d7b806811d9fbf006 |
| SHA512 | 957bf9653bfa70c89d2335d9180f3f5cf556736e8e901ad3128a3fd42e3d3616f95c6bae2d45c0305a234a0d4487e2d8cf5ab39631c343b7410b9d245e6bc2df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92db000da7c482089efcc38d68bad868 |
| SHA1 | 6f158eac5c06cfc11b41ee15ebc48b20eed1668d |
| SHA256 | 32ee248f3128c1599bb5fbcf86083a7b3c79289c8f92b8f7f249999651ff274b |
| SHA512 | 875bf0c42e98acc07e0aa9be838ff70305a47622917a73c58009ea1445fea8655fc92c70ac51b86f6195b1ef714d0c86bc011f96be6321602e18f5cd6cd500ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 502669622c74fe0ee136f098dec64aa9 |
| SHA1 | 33d4d18d702b7c2e9b37b47aae3a5ffa81dd1ef3 |
| SHA256 | 1a536ec820cf041dc8e99509a6a6db4465a5ccb0866cce6753a88d0ee6dea0d3 |
| SHA512 | 495501c982b5cebba9f0b2f76853c148e28da6c49e3bf8d5cbcb57bdf2ec1266b4d04f0561962e0397a7d0d2bc6e0dbab553342a7c5fada2843058711c64d357 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffaed18b24fc156770c3bd687c05c5fc |
| SHA1 | 7262d4d188941289873132e6f2e1f84bc21ec087 |
| SHA256 | e54092a9b90ea87d2a0c8253a05e5fd7642f13dc4551908c472d3a031f211503 |
| SHA512 | fa2d35b3f55145b9d590886b1c26d5c8134412c660ecda0feb591b954a755653c361b587471ac0a06b2e28c2fb90b1c16e8875dff306801130460867adf749c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90915027e6e6fe10f5bf24ba9d143e66 |
| SHA1 | dae7d53b5778ceb3c988f5bee6506c0714f35841 |
| SHA256 | 44c4afde64d843a54c2818e765af30780f5a4139a69814db2e0eb21821b60277 |
| SHA512 | 2c3fb771d22634b3219758a8669e6499a2a938129eab933b0d1bb2ed69dcf603adbb099d1e0505c6157267baf3791dbeccd2e6588040fdacbf768d1addd59595 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9fc68776dbf3c97653a3dc6e7a62ad6 |
| SHA1 | d3a5b545c07a4b4ab6c94957827e26e1652ae82e |
| SHA256 | 47161dc3b7c1aef1ff78a49de759f22e83617c2b36a755859f649fdeb38e3789 |
| SHA512 | f053406bc5e6a22027cacd873d47e22250ebf3d7b8840868366cbe810e8d765d357fb3ff2f7b1c7d03a8199b4ef31cca87c0308aff57d03f784e17f44a6c5a18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 263fd999ffac3c7ed5af3a99217de524 |
| SHA1 | ead0dd15e3a80353fd6eea6ad5456fa9814d388c |
| SHA256 | f8674f4c51a2eafa03fe87793c9c93f8159cc9f65f7192d903900719407c5f83 |
| SHA512 | 5aef8d0fd2e8910301241b401285b064deb2e98e31692e936b615e40d3df6a054dd25ad32e72b0e82e87568d7240673d1ef8ec6b68600a383cbc594e4a320f3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fef35085eba0d921b58ad825ea2dc7e |
| SHA1 | c9b33c1034486ec228b38cb344c46bcddc2b2b9c |
| SHA256 | 5ee7fdacad8e2354480ebc78cfbe20b536fd76d286f3f5ff6c76b8011779d36d |
| SHA512 | c7360cd10b80b17c576cf296fe9d76bfa52ef913c88f14c813f548355db610b18ae5be8cef9a9eac55df978befb7440bb766a556cc534b8f4d8fa0ec06967331 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 367ce404c0cacf732d50d9e3bcdd7c15 |
| SHA1 | c73c4c41f4cbeea3b198beb9dbd79e465e9db95d |
| SHA256 | 30f3d188ef6bf1d2c2b3affa52920a294729e9e9f805d24a27f8a75fac896375 |
| SHA512 | 50f97da2080154c6e8d48f312799d3ce0d1dd6374be9bbd7c8ad34fdf5397a804e192fc4df83c8364283e9c3fb9765863cc820817fcf085b07bafeddb3e12945 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34de8c38270c4f9f42e36b5818df924d |
| SHA1 | 95e9cb378dbd88d8c7ee5a73bb0a287b0a8d993d |
| SHA256 | c5c32ad522fc919c9518aed813c55a016714f124b5b9badf16ba908f47792d70 |
| SHA512 | a6bb12d5650dc087d962968ddbe22bf50e3a7a47578164ff1535c99567e50a4646df088eedf6052de949edeaad0749141f601027bc91fd4d94e038e95ca77b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38539e1ba5e9bd963d50b446e4d5ca4a |
| SHA1 | 9ae21ad062f76e16e15d5f457542f5f8679efbd5 |
| SHA256 | 9ca94a695be96c35a655c8cf69a8b2ef4ebf7146a6a6aadda906a4d2ef0b63c8 |
| SHA512 | 873757b058ecb5f46b5a03393ea0df8fd70f55f2d82485120119df34ba2beba2051f771bb6ee719e14cc79723173122c293da5973d97fdba4bc8a2de752f2275 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fda90ecac4298ebea76b18ae763c6e3 |
| SHA1 | 095007fbdf8260531c2f5f022897b605669cfbc1 |
| SHA256 | eae87e57420213d6ddb15fa60742e5feeacbac10d2c8345bfb4a228f126a6f2e |
| SHA512 | ff153bc05979a5e6f011484bed3d6b87c9e30b7b1652813228ac576845ab55766f0aa8998547248292f046a8949c0104b93b39553a5f154bf89eb7dd49069579 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a825140011d02fa9e6e771c8318285e9 |
| SHA1 | 9436524320a2e3d1e53a468e14d23d7e1deca099 |
| SHA256 | 53f414e03505252c9337137aeac7cc878fa59d7118218d6f38cefc821e1f35b9 |
| SHA512 | 366226adad1d1c8054dca6dc789c7aa7139c7297a8682c68227083033840a518321df22f58c4580984bdf25aa60dec67dbf650b42c4e77b4bafc112de5b5b7d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f4a4dc1c4fe10f28a1ebdf5bc58b48e |
| SHA1 | 2c2f11f97486beb1912a056ac890c442499a6c4a |
| SHA256 | d5193dcbbdb506163f19069df7bdf0f5f966b1d090b53a3a25c5ea2075ae5226 |
| SHA512 | 98caf32ef7ff5f4e23fc88f23f26ddc02155867100956ece32c9a2595a805db418f42e04f5dfaf62bc957fdba378e2316ca9ee3eebe6d1a0a85382ac469a1397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91c5815985df200d1ed4b23ed10c7cfe |
| SHA1 | c4030d5f4e7c4f651313a3cb5afea2e0c06fe7c5 |
| SHA256 | d279f27896a1881ebdd4e3966efc4c1b85bbc780a68527a1d1b5337fb27fab29 |
| SHA512 | e5437fa17eafaed59e99a43becec309ab7d05fbadb069a0a91a6db68e931146cfc5080dfc16735eb9ba5a2e238f52d317c26953b09f748f62388e88a345f8bad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53e32fe3bb916ef8b510d890dd9d4105 |
| SHA1 | 004fc8d4d9e8317d55780426349ae4a04a5f2899 |
| SHA256 | 00ed600a7281c5b2178c9240e8eaacbf7f7ecb2904e643ff3aa5789f57b5feba |
| SHA512 | 958d1b506cf62196d76469a4014d9e9c3be6b32c3c7fb36a7169178f9a1065d05fca88748f18ab6877c9d695235303234c46e0d505745a02200b42cec81a28b4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:04
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910ab2dc5e6f24d027c9276ef14ef19f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5028 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4896 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5716 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4284 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4916 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5668 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 76.76.21.98:443 | party-nwvqdtumtz.vercel.app | tcp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 61.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.74:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 74.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.178.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |