Analysis Overview
SHA256
4c40b7cd9b8eb9c91dce1b72d9aecc38d5ceebf2dc3c6565707bb32a1ea5c628
Threat Level: No (potentially) malicious behavior was detected
The file 912e48c31df36763637d73f52626528b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:50
Reported
2024-06-03 08:53
Platform
win7-20240221-en
Max time kernel
136s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026ca9cd530a769408950b93016a2e9fd000000000200000000001066000000010000200000009c698457a11fa7a4bdc36ce4054d18cb16b2456ec85ff5eadf56196227b618e4000000000e80000000020000200000001d687db1ec4c1e17b04579af14a9b6feb8df62f9dfc80e228b1abee42f0b8e6290000000944a3624277a3b83be44fb1502a9697de6e1a9cd5734748e1c8d84f2db86a7f2a1648ce44aa3b62025e4ac890dbac14d19eadfeff7ee23fd60dc32937ba476bebf1af64725455f7bb7d644b2f93b7ab5203450b99a26e81fd0d142a941123a20d8de5ab49edda6cdb7c712f3821bbd8e050661f7836cce45e6049b5fa6a1150d636ae1c1f30302c11fdb5a9f624b5a7a4000000056d75b169f0d31fd53c8ba4534d1db7b6437ea6effdc879bf58817c3464e6b17c4a1bb920b41316cf9c890f38b4c94e0364eb6b7f6fc2c62433dc83cc9581d79 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ee532893b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566497" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{539BA411-2186-11EF-92D3-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000026ca9cd530a769408950b93016a2e9fd00000000020000000000106600000001000020000000c27fdc700ba266dc8fb81e5652d6aed66d1ceb1dcb275c628155ea3929aea24c000000000e80000000020000200000006d745d8abe437159678d6049fadd6a79144e13ece96201c2faeb1bc5d3e11c2a20000000cd9ff6185f9d27ef587c48223a62f6ba21ee40e2821f7584ce51e4a5d93f42b9400000000f6715d38c0d1214265d1888b8609cc3d1aa49a56673f26b250fe781384d093c00ab459b79463cc7643bbfdf0213ca2c922c46412509e4472fb5e1a1253a040b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1420 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1420 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1420 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1420 wrote to memory of 2916 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\912e48c31df36763637d73f52626528b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3B5D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3C5F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51676739d4b7e2ea9ae52f573722e32e |
| SHA1 | e1fe8387886dea88fd39822481ac8792443a72c1 |
| SHA256 | 30acf56eff1f0274e10341896717481950f5f464db29d2dddd1bb6b567b92eb8 |
| SHA512 | e37ce5d63f7527da9fdcae1007815aba6b0a1a81537e815fbc6f174f9a00e56bcbd44d6249646c445aab30b938df8a906c2ce895cecefd7b340b1ecee1a2ce04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46740844a41fcd19c77f87c66d5bb4be |
| SHA1 | 2d85dfa54fed3fcecc0950b0f4a736237993b513 |
| SHA256 | d4d509fa545c169cf8f9e85b0ef54c26bff4a0a02b074c2e9f48b36067641915 |
| SHA512 | 210df2f58d7925adf8f7a1ab7c6d18210e1f25427eb64041ac01f598c88e5d34f886fbf353123b1b1789be72621656658284761a03fa5932716c77a70e66fbb4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a585332d61f9046732cb1c108503b932 |
| SHA1 | cd3f64e31bf4309b6b57c0e1d129f18d84f9b35e |
| SHA256 | d0af94b1a3d5b8ba5c90cfc700aefdc33413baf7f5bd694279a215c466451c61 |
| SHA512 | 6c861204279252837a0c7afc9756a76494aaccd10c19020778f7a36cc308bffe03e54178a1e4c8af5c0ad48a6b130ee5d284d92f071cf312b4f42bcc4f9f83e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb2efae17f5853146c460e9297b76128 |
| SHA1 | 4b4823afb0909fd378c1c25c075ff2b419467bbc |
| SHA256 | b9e75b6d3010c62e89c81d8351c737ca16111c608058453432fe5f53d7e35fed |
| SHA512 | 2c9921193fe631ce15b943662a18d7a15db81e3bbb1a0ac421012a23ddb4e5c48b9d3dee5a9f66441ee33db6935dedd2a9531ba312921038c4ef92cd344b6861 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4ae04a443aba51b8b39f775d7a79451 |
| SHA1 | cbee32a58fbd95ad3d7e1cff3cc8b2eae1028126 |
| SHA256 | 21e92147601f33b889b4cebf64e6048ef937f79b07c9d81e0ea9cac9a38d72e5 |
| SHA512 | 10f1e8218d7d770cfe6aa6afd9944d0553b79f1d20fc3f6174ac80a8bf27563bb55cd4449e2577972b9781a325557d0515a3d80e65a17f7f4c5556fc3ec06278 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3bc940192cc341353c4c66fdb07156b |
| SHA1 | 8ed920b09b4a8056a9bd2031790acb0382db0fa8 |
| SHA256 | d7ed1193055597cc219449b0a8cdd09216227b080accf4133c044a3057b1212d |
| SHA512 | e6ac95735f89d2148b25f48a9e73912b4becc7410966e01dd399e48b4dddb2c5e00b14e8c7dd14eb89b471c3ab11d72a1a7c30415386b08ed1d6016c09feb331 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44be46a1066dc96c561b403ecd460232 |
| SHA1 | 4af9b62290595da06b1eedb7fc907a498ad37c78 |
| SHA256 | a1a220e965af924ceb1d2a26880a3eb9559e94c288dac8fce6c0ee2ac92114c2 |
| SHA512 | 0546495a843614393351a3cec05c8f58eb92e51421dd87c2b05c1faa49a70c28b09d54778031cefa4cdf3ca522f60def12d29b0ccb4270b38df7dce4ad89b936 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a052ba6b16b9d3da2677065d7069cffc |
| SHA1 | 84a031997542ef6ef07f6a4f424ecdb9a69ce555 |
| SHA256 | fcafff6fcb89ed9ca792c18d707ac4ac511690f134f65e5c98147e7622b5a35b |
| SHA512 | a89482c40584b53d71fc65651a4ff82177dfc7f21d8de80ca3c0b50ab79a093c573c7db187a058c557320235d6769f7c2303458d5c99ec45e76e650f0cd12216 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b38a1c366904d36a68120f9362b44d4 |
| SHA1 | 4fa1ad93d4fe7be50932a755016a2b33e601f9c6 |
| SHA256 | a15e0e988ceed659368f1ecb2d67d131494335657baa21e9ae8d048c44104205 |
| SHA512 | 43179dfeb17429227fdf21fc34aa5d2c1b9f543ed29efff87a62a6a048dd6aee68454056b9b284e4b8af46869ba60dcc06400760af49e507c0f3d47ac312c5f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7706cb7272542729383c88e49a323f49 |
| SHA1 | eb802fd3a540a4972083165e9f3d3fd97e9c60d9 |
| SHA256 | 41c30ab425b9552e59232b5844a47f0c6ff7ab0b267d0486ed9c94876455bb7d |
| SHA512 | e8a37a8ad8c7c983ed1a745d1c3c441a7ad71f55f934fc9cf25c0fa67368508d47349f486d24093b26af8752f25996ebaf3da2cbc78e5409f6479cd50ff6b34c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da8d7467492ba7797426690bade37f89 |
| SHA1 | 1d2896e97aa0dd3c7baf9fbc58514dcf5f00c057 |
| SHA256 | 1268f862bf3ca3bdabcc24f81f0cd7916c84c059a2aec2772f4f4036c0701593 |
| SHA512 | fdebcc4059c0082be6fc9c482c63e6732883784b4004d3a979693f3b62083e20639575bffe7e5a9790014a2f54910ca658c4aafa66f91cac7667e157ed1627ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2bbfc2cc59de19cb9cd14c179b2285a |
| SHA1 | 0bf461df40596440cec9a92e68be39c2e5ae0097 |
| SHA256 | dcd203a8e2273f70adf632423cc89c0d83dd49c830bdc24999879509c79e2a78 |
| SHA512 | 73e6cd2dd645c2084172b7cee0899fffb9919aceddaadafbca8931d1ad4704b865fd9f15564541f30449f19aa92cedc4c1e4599ce0a94463ed953ce891e46e9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 941d5fe368966dd43877771eef45a68a |
| SHA1 | 9abf369773f347ccd5c0a66524e42cf5f1b53f7d |
| SHA256 | 9dc212046b54b8e7d903e42c8f5c98266a0ee3f5b17a6932d493a38af6757ded |
| SHA512 | b9f95dc8b6ea941a4a51e897734ea031a5ba422da40bb7887a43817daeb4b45778abc000404d037a150b4c619035ec3787ac0405e6b24690f694d5d7abdbd1fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fd0c548dd355538ce49f84a313182ad |
| SHA1 | 1f13253a1393c71dd9ca962c0b77124bfb8b7cc9 |
| SHA256 | bd74152565e54a1a079b5892408e8ca8556a4e11f5c1f8d1f728953436a38eed |
| SHA512 | 9aaedce144f744e93468bc4880bed4b99c79e337fb2b4293711c34f218a1f797383b0cf598f8c2b64ba40c9fb30bdb8fa7171fbcaa3fbcfdd4f62f0dacedf8c1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:50
Reported
2024-06-03 08:53
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\912e48c31df36763637d73f52626528b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5020 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4804 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4004 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4268 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3920 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5912 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | ww1.myperfectmobile.net | udp |
| US | 8.8.8.8:53 | ww1.myperfectmobile.net | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | ww1.myperfectmobile.net | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.200.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.173.189.20.in-addr.arpa | udp |