Analysis Overview
SHA256
533ecf4dd21abaec40f703a401f6cd93e5155c85b343946cbff44966fae95fef
Threat Level: No (potentially) malicious behavior was detected
The file 910a7f175dcae689d2474683924faadf_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:01
Reported
2024-06-03 08:04
Platform
win7-20240221-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88569EA1-217F-11EF-9DC0-D20227E6D795} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563579" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006a9820ad4987544ca8dd9549ffefe945000000000200000000001066000000010000200000004747b416fed84e7c0c3ba9354f844a44e2737dbd0f4ff3aa947496a272b751e1000000000e8000000002000020000000ddaab871a55b177d6c943cd4968742936928924f0da53e48d902a050a9083dc420000000d481a4191590f95caa5dec19a63b75506b6efa2e948217a8260a3f2ee8cac18a4000000068f52a9f4f6ac75abaa47c66bed7e7dde06ef30a47c28ab596147a9a8db0973fa58675586272cce84e0e139459e64750c688a021fa0b56519ba90075ac359a78 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f051d35d8cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2684 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2684 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2684 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2684 wrote to memory of 2972 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | parking.parklogic.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 67.225.218.50:80 | parking.parklogic.com | tcp |
| US | 67.225.218.50:80 | parking.parklogic.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 67.225.218.50:80 | parking.parklogic.com | tcp |
| US | 67.225.218.50:80 | parking.parklogic.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | ww1.planetsuzyhd.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a452d2d319f5c3384248999f0c24f8a |
| SHA1 | 4243ef49d1ea255e76993169ecbb72f2ac73831f |
| SHA256 | 154a5d9469efffe2a7530f03777cb63619f3c33b235fe6a41a6db9c107b73488 |
| SHA512 | 3d890a3db0bdc7e913fcdcbcdfd5d50145a2ae31327416b13b1218b42e037d94f0fc3b6e0f9cf7a1aa6a826f72036341e19c30a26a22af279703d82f0317747e |
C:\Users\Admin\AppData\Local\Temp\Cab4D86.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar4D87.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar4E68.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce482673ce3fa32f9da35c889ad6fe0f |
| SHA1 | dac5aeefed8aa7a2c65613bc1e235a08ae983c1a |
| SHA256 | 54ca2b22ff9abd60d5306e32f73eeb1c343f59fc386b60b4dc6dec72eeda564a |
| SHA512 | 2535f01c2798a02dc38279133207f96123b68d0976975fe8163a30a218b8bedb8e2c9b0f3039190aef8704fb85617704b57f56a14bd8f0ded13d09729a34a431 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ee109ca13b74fbfce36bf07696a808c |
| SHA1 | f3c8d6c86c3eb5da9c9ceeaf5b7672fb4d068951 |
| SHA256 | 29092182b42753aa896875752507dc99eb791302400a2518b736e3e8f7df4e7c |
| SHA512 | 66d1893f24eaf9cdefed85f73f5d7f30976fbf42914afaf481812b8f972f74c9abcefcdf7203ede48d9200ef03dc667faa52e718132b7ff2259938b0cb3f9afb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa90900c91ce31877615756d38b96858 |
| SHA1 | 4813063ca1e40ee27b04d64de46d789b2a42f1d5 |
| SHA256 | 600a049212d670bd3e67d8777e174f53c6f90b6ecae0717190a2e14ff6e33626 |
| SHA512 | 931ac394e0d37183797e596d413b0acb6d4af3a5514fe3f1c968455e0e5c278bce938c176bf14d1abb890e5402edcfe5b00121cea7e1571bb872887626f97d7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d8d42793abfc226fd3d53feffd88063 |
| SHA1 | bc2a0efac019c0ffe23e7acef3ea3403c5c3a7cd |
| SHA256 | 8a8595f73291475a51a7135a96d822bd31a7da30e194bbcccf74a9b7e433e209 |
| SHA512 | 84477e37523163be59828e5ea59517717d00bd73259496fa61901f558dbfe8a7861ea7c66702f26be27b38186bee1c910a007a97ec89bbe102e27962de0299bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4574f745aaacba000a96c0694c07c266 |
| SHA1 | 65af50dfecce75df79f7c8e1b48c792cbf5a161f |
| SHA256 | 2da8541dba7da4c5385ab896bf997942e86606098745f517709a399151ccd460 |
| SHA512 | def6cfa374f101d69a397af9100fbf0e0a1ab4eec8badcd5fab05053576ca372fef15f380d5887a1e683a83b5651a953a4f5745b832bb97b5520990a4ab62456 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bd394aa54a170b866672c19687f5a43 |
| SHA1 | 67e280cd4226fc9e9ac17dc1f1e8726e929ea203 |
| SHA256 | d575441480ff3fa08a6e330b01388e164c567f3b8797185a7427f23fa4261e4d |
| SHA512 | c7782f0fcabf3063ceaee681c58b11e58c5fa32f5a01c84ee8c6e67cbe40e9e1422153e7da36a878586938ab5df3c86bdae3ba7f86a93879a449369120da419a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23a15420896889e0e205aad6dcc57bc2 |
| SHA1 | 8deb44c02580cae1afea76f2e0a1812a16a8419d |
| SHA256 | 8b7ad1505ede638374c57c19647eeeed1aef0c57399dfd4563ddc09c412f8e2b |
| SHA512 | 7000a5943acabbb8c32bb6db4e03c388c8f972ffd6e71847ff824a1f11fcb044974321259934a468ca74ab701711d9930e3fd65b007c895228d79d08a99e75da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fafd0034be15b72452944403f19f93e2 |
| SHA1 | 5cb7479f5a8c2dd9fbc1b5430a9f662c1d7ea850 |
| SHA256 | 2d568a965dfcdf97f2453b4941108f15022a98c3fe1210faba6cbe8cb2bd00c3 |
| SHA512 | 2e983e2426c0260a217a11513109d02f42b4ff3b295e7ff65fccb9f710cd982aa473593bf984ba08d591b6ac7521c53978f40e05924b95f4f72aa4512ecd3f02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3391e7f48217eb56b44b4494a8088770 |
| SHA1 | c97dd0165eaac09e38f8dcdfba6a799cd839f9a2 |
| SHA256 | dd3cff95dc52e466b71601bae6b63d71533008d7f321dd54bdd3b6a1dcddddbb |
| SHA512 | 89f9ad400e72c891d4a0831fd7fbdb59a77b85a2d5eda5103787a3d2eda70faf4757f3f182075d7b10c4dc90f2a232e548fdc5c6bd6225c851f2804aefad0588 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f609b3118e8979395fba1644ca940f8 |
| SHA1 | d744928f9997f6721910944197a05b2a81f77c98 |
| SHA256 | f5271b8003cfdc019548d81fb269a64895bbd7f0ba873dd0254572a4d66c0fb4 |
| SHA512 | 1511519348eb087db80d06bacf499c5a5e74f69093fb4a9ff6a590d875cdeea3a3b51d55ce21bd4a47471e8537b2d62ae15ed124d1abb4311de89814cfd92bb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fa74d1be7190dd3778147f1a28a8b2d |
| SHA1 | bbcc23faee40d347de3806bff7a7a329d2849ded |
| SHA256 | 9bdfd6d9434505837067ce494ca87401db068f2c45f47d2035bc8654a6295b11 |
| SHA512 | be881cfab6be54e46ef680ca087815c26197979eb32c1896307ec852a3d9268b6f14fe30759a9ced78a88945f0031e55d3e1aaa5929faca7d192c17a7b296148 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d13ccb25e78b9b09e91dc09ab0f6775d |
| SHA1 | e819a83d119227d1deec0879d402d6a73f4505fa |
| SHA256 | 334e61582a72f75980e1b64838025c698c78bd8b516612f1772bb2fd4b53f222 |
| SHA512 | 5c55b5f360b0c0609026e8b663ff2efaf45ec373cc805de7c364b16e9b76ab441eb2899cbdff55eeaf047984c16c28c0122caf38c75359eeb2af8c2288e5e35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99f7ab487368f6b9c06e563d59e68ecb |
| SHA1 | cd87b5184db0d40b76936360bf3a1088d047fbd1 |
| SHA256 | 5f21573894e53e0e799b73ae5c963ab0531a79a80fcff4350ccb845801305fc2 |
| SHA512 | 506b3b1430b3f884516e41724e41a0defc5476b90e73a21109ccff940553473b5c9a937867d170909f64b9f5d4d68fa90beaa02b8a0a165a4564a3fa218ba4b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 5fd739831378a996fd8159bf9a186c6a |
| SHA1 | f4f09824ea1d6fab44939b73ebe3e21364ccbd7e |
| SHA256 | 29c8f447c6c90d56a1903da8d0593a0020339fda6dedfe3d6539589f3273e2f2 |
| SHA512 | 733e0501b3dc7342fbdb909c612e8df8b3cf1fec34d80e88c3f363fe92441e66160ffde35a6bd039a5e95b911a43a904b056c63e8c673856648767c79182819a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 708a33dca1289ef5a2f461644af83174 |
| SHA1 | ff79eb07e37a590fa52617348c650c683e238770 |
| SHA256 | a280def08dc95a2a50a3596b8237adb60caa80f276319ec8f33f3ce6f5d8ab75 |
| SHA512 | 86108c44cd9d0153628bb1610a3e41cfffe58a8e1bb98e2b268c1537dbb0444e0fb7f319412cb5eea3d9d1fbfa8c856d5b1237cae1da707aeaa569798eb92a24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93559bc06b8fcd30cefae61e24aa6628 |
| SHA1 | ac89e93c3b7b5ca566587c024652c30065a5af22 |
| SHA256 | bcb05a9da59145af32e42ba05e3124414ab980c28ba5fe2a583aad14ab2ad003 |
| SHA512 | 2c15e1672469cdb81b5c1fadf0384ba1cfd7b8e80baebcb58f019bae07e661fcb0e1f1a2647bb245d0482700a39939edac061667c532957ea01c80e9679b8567 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d5d6eaa06fc5d5b7c31bbd4782e33ac |
| SHA1 | f2b60df538e0d402324d8cca05761da7a8a87ea9 |
| SHA256 | c02679749129e31ce326a1143f6d2c22739d2ea405db68676821b3b18c34194f |
| SHA512 | 206832e9466ee3ecac84b44ea6e67d89370390130cbccaa272ce915d90a763f6e8fe0ee9b1b128d0bd14e20ae4e90fb09ec6c70515e3c7e40411c927fa5aab7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 347682e1763bd3b4dd8431a754a8a9b0 |
| SHA1 | 1aaf9727e069570f748bcca58589c5b9cad6e348 |
| SHA256 | 7d4cb2e604dfe0dc0039fb1d30ecafc1aac1ca6b4c0d274864ac61444c3e5e9c |
| SHA512 | e52959efe573c2995728711cdf9c02e7a134073798602aaa493dcc234ec967596faaf09517633648b1aa8b892dcd2b72cbd7f55bb05a5a03ec21e8e5e0db5fd7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00ea0147868338021dc1fafbeac831af |
| SHA1 | 0fe6602182cd5c436c0e72dbbd210a7a1183ec77 |
| SHA256 | ab0da86c29eafe1169864424b78c3f73efa23c8f0177825f60160c6a546f5f00 |
| SHA512 | 231d124b83d4dc59ea651fe04cb9e51a383db6f5d191afca46b85727ed10a09999ebac0b6b58fb6122fea443a48c4e7a7de49f0bd65cf04fc04255463fcd2b43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af2ab106343ad0a316a4235f3c60b258 |
| SHA1 | 5e40330cbfc839ef5088aa5f9c2a2fb71c9691bf |
| SHA256 | 54ca5c2c21963cbeba0b5793aefe5c841caceb36d947aa2edf28d4a1ddfb7ec6 |
| SHA512 | 887e6e09c163c2f0616b47e0da90ce04b6c7ce12284b1652be250ad8ddfef6718674134eacd145832b00dd2f78f375f803abebf790e8351e0ac844bec28dc158 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 5e1429ff5dec7c79e482762c801a2343 |
| SHA1 | aef2bc5b056c3a2a55aa0f52368a8c01dc11953e |
| SHA256 | 955064c14c78a642bc17a30bbfd2fdf6124533d106f6d361de43cdaa887ecdbd |
| SHA512 | 6f2bc8cdc0efdae449c63ab4d6b568bf08dc1c7df238a578532c9746c4c16c642936d8cbf2ba4f37f92e9c20588ac79fc892622033615e8e09fbd3a7a85aa07d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:01
Reported
2024-06-03 08:04
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4828 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5348 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5836 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | parking.parklogic.com | udp |
| US | 8.8.8.8:53 | parking.parklogic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 67.225.218.50:80 | parking.parklogic.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | ww1.planetsuzyhd.com | udp |
| US | 8.8.8.8:53 | ww1.planetsuzyhd.com | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.218.225.67.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | ww1.planetsuzyhd.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 20.231.121.79:80 | | tcp |
| NL | 23.62.61.145:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 145.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.71.105.51.in-addr.arpa | udp |