Analysis Overview
SHA256
d02a1cc1355f47d036c2d5c43724f923bbe2562edcaba6374fc8c8c5991db6c5
Threat Level: No (potentially) malicious behavior was detected
The file 91317fa8ee19b7bfd43dd59c95ec467f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:54
Reported
2024-06-03 08:56
Platform
win7-20240220-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA46D481-2186-11EF-A3F8-62949D229D16} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566722" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1976 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | lv3.nhklg.cn | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab32.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar132.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d55818fa6c76221f63fb537d0a24d1d7 |
| SHA1 | 86f2195d2379e1ea67398c684bd23af1de63c9f7 |
| SHA256 | 64e7b1d82968de346c8ca96845c3fdb2ca3b6a17d103bf8b2426500f49208004 |
| SHA512 | c290e6036e14875c65878ab6c0e80aa0c63fb6ee304af4de82498deab2f28d42ab678699069462e59e2f6f72b022f5b32a2d546a8f85d42fab110bc667cc67c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 238789c55f0aed9c374b7d4e2584e0a7 |
| SHA1 | f6f656da97cb4e2d35806df91521efa068561bf9 |
| SHA256 | 2d60fa1b2886d63ca65182cfcaf25eac67bd06bea7e608925b10475c47bf14f6 |
| SHA512 | ca3ff81726492d4e2b1cfa83f5bb333d11608417ef75b8e563ae288c369b87e789a8891114bb209bc04f3f909d0702c29d22b8c224391affdff207f3c0c085cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2379b2608947b11c6907295f855404e7 |
| SHA1 | 4ca8b34459441afb396791f0b838e3ba2d8721a3 |
| SHA256 | e5e46d23b0726ec5d79ce80ea54932bbe113e0684eee26f4fcf6307227889638 |
| SHA512 | 3de1d0281d170c4f69e585f2a7ddcfb201b9ac04726f67dff3ff01f48ce34559562e46055508fa4d31a38bc7087c83d064a98c4801d8a2c39cfb1973df9923ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2ecbd79faa28fc1b2c99c8d863f889b |
| SHA1 | 90a1dbeec0fa0c51da5554504f610194f383aa16 |
| SHA256 | 9289c1a996120166f3e22222264c9d856755319bd6d4b0f2f7b81cb969cf3551 |
| SHA512 | 2f93ccf5847b701d49d5817de1e73ec31d61624e112ee4c5f667f4b2b6ac4b87febfe83318c8a6e403b5ec3166c76bc8b38fd583891757700738147e4cee8b95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6ff6cb98f408531cadfc4b0cecf392b |
| SHA1 | afb6f8da0c940e17797e70fd6778251aea26f53f |
| SHA256 | f65e019db9ddee4032cdf0f65b6aae678d7cf4d25a1b01ce3271cd377d0808f3 |
| SHA512 | e71c99607d7035407d082de9fa6cec024a5f8897e24c193d4a55a7ec880dafda70cb1169cb547f33f04c7475c3c803091fb7bca7a01b4afc28de7295a9824469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 497e3eaaf321cdcfea38ec6e1c100e25 |
| SHA1 | 83538cc4c1dbbb245f8529bef484c18f5631cadd |
| SHA256 | 8d91a9095411aabf5c58c903b31d0813b812e18e1473ab23e27fe8e36890a14a |
| SHA512 | bc5626765450df21e879690bef71b27d072dceeaa5b9d005a6a62faf82e4c80b0fb2b8eb4efdc432d3c9c5c9abba74a65436be40a79f27689eb5516afd2af19a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d19bfff4d67bff4758bd023e2a1f350 |
| SHA1 | da18674d0ed1244a703d874f73660e9aa46398e0 |
| SHA256 | dc820d89ba4eed5a02d4e3943836d8d14574e6a191d6a8dbd7a881b9ea3e56c4 |
| SHA512 | 30f3f1e28554de886cc7f2c11487f3fa90630160a5926911280ba8f95d310b71b14da0e35fe19f6260182520267a9720dfe96702b049e4a3628b770e63286db1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a56b13348e76daccbc048e0d0600184 |
| SHA1 | 9d2281b5b1d5a88edad26e05609b928184e3665d |
| SHA256 | 193bb8351da5499d7efa203087246ca4dc169040e0b5edc6159b71bbb436cb7a |
| SHA512 | e52f9fe687da6579a73ec271938bb526d710ec72f58a7fe9e6ef3a99e7fd094c3e11e21605751a6d219f6f4bb63ec0b0a7c3af0c745b36f62d3f9f186e45ba66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1af4e250add533e9d7557dc8e32aeb1 |
| SHA1 | d5e66d43ca2f122fb028a857ae3c10cdaccf7d45 |
| SHA256 | 7f899fd3d3bf1fa494bc5b2912baf2acdb2d4038661772196602debf113c5c38 |
| SHA512 | 528ca20b349a12b7d19e871962980da64751510614262a7771fd58e2937da33e7472afde1f8953c3631ede5edf5983ed78c71caf3e6e01d645224e7d6fdbdc81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22416b195566a8a316cc482062d9e85e |
| SHA1 | 9d5a4bd60db6b0fee8835ef06644f1a961128b33 |
| SHA256 | 372ad449a841bbf8f35e1ca22ec55a3e376f1b7a8fe8266bdd2b705a24f69b2f |
| SHA512 | 77683c702040f5ee464b1b669a0886a36b3ebe1975acd68bc84a4d529e3ea463d3d3835f30a2828c7ef6075bccf92ca8366af4e4e053f5cadf83671144678db7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e8e961791dbc3b9114abc3717e3b040 |
| SHA1 | 55eaa67ee2632d895b559bdf2b6f4c71779a8c35 |
| SHA256 | 6d90352450a2a2e006223dd3132ca47a3ca1bc1aeb919c0340ebdf5d2ea48d21 |
| SHA512 | a9ad39972294b519a714b17d0d37d4a98ec675dfb61dc3e54eb01fe7677a8dba2359cb42a753d2e190797747c2b28ba234ff97e278b3a501630c14916c914dcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5a375db39b8a325ea0fe9e2ac8e36aef |
| SHA1 | c25c33e575f881c86196f4dfa41951aff0cf35a9 |
| SHA256 | 995f2beb3507e4b8168cfab65e62a0ce19dd36add57d78bb463de71af7a875b6 |
| SHA512 | 557e30e3f3f74ff255cd95ef5907f6ddfe90d63ed3ee85843a6952e8815819de59d811faaa0f09889153f308d0846e106a8c289e47a8e438a99ef284aa7dde14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abbd869320f1be61074c42d6d1bda08a |
| SHA1 | e2d58ea3d57c25c393ea4b1a09cc6c37e140f79a |
| SHA256 | d1c94aa2005059f5ac90f4598229334ba6db8c9396bd785d0fc8dfca3a292d65 |
| SHA512 | 29ab4afe6e4528ef2f8fafa5315a821b1558df9827d36bcdf75e9161f40c1ddacbc5d632905b627b0df37bd4c303f72820bdf3d0d8c8d58457fb07e9d97fbb05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f47fb363a477f9f10878619314f3d21a |
| SHA1 | 9bdf83b601bb4fa5fa443b5f85eb3d97b744afbe |
| SHA256 | 3b18844f28f0a87e1f4b4274ad21b09e2d726f366537ff3ab48455bf3677cb39 |
| SHA512 | cfec24778ace289a58dab912e3f51010a9b4526ad647caa753737f2e3e2994049205cc50a2471409ac9f1eca032f7d421820db476753447ce26f2c44a7a8306d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b995a472b56ac6882adf76eeb1b0bd4 |
| SHA1 | e6643a669a3ae0ef9f71082806c1ada13eeb07bf |
| SHA256 | c733ce0f4d12f0132ef0d78ffbd53cfae33edda8ac1ec13066426cb713ace56d |
| SHA512 | 89de4996b693494329f89536cab6fdb486e7e3727aca97ab8ffff890b7790bc00a4655d77ea9506c4436f0145d9ae4da4aa3f323798f88c1d140477c1ca7aac8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 913ec1e480a0f3be05f039e4bb5b779c |
| SHA1 | e9710ef550a7c604a6f33ddbb3a196e600190d0f |
| SHA256 | e6bc35160a65fa19756917e7f55dbce99aab0b6fcb9686fa3494e7c91816d40b |
| SHA512 | e02a860720762ccafc1ca19ab8817dd4e549d9225f9a07d5b5b550de616b64160b18c30a04eb1724b09d2fd12a5beff5f6590d03f601d84d8317c3204d8c29d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 322e357ecde2f244777ce009f95de3df |
| SHA1 | e07bd8d160e0028a5a2da91301d8fd8ddd4c4f62 |
| SHA256 | eaf249de3b49da8dd51e84ae18062ea75eb017802a87c4b10b866c4e3bb7fbbc |
| SHA512 | 81b19f685f8e1ab22a8621e6da2d9078f8b2ea58441e4514c91d93cdacccadc743e4e437ae11d5cc6437a0e3cfbb026bcdc67e7441cacb6134ebcf2e211cb44b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51291ab12f18508482c36872000319f4 |
| SHA1 | ebbec7d43337fffae42aace6311bf9d6e659aef8 |
| SHA256 | e77073eeedae28a995843b3e7165ba585e884f8d1db5590e88a98b2aed9542b4 |
| SHA512 | 895c2e63857d5df00703652083a1c995c8f87e3b28908f7222d19bfacff84499c083ef6c0cd8fbadb4818f1931c5b0db6cec1534cc69f44ffa71459510252693 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eecdb85f749588f670dd3eaf4b2fd5ba |
| SHA1 | 1a7cb8ad0f446c0f5f6c4423899d9fdd91e1e3d0 |
| SHA256 | c6a688aecff69c5e39e007f5f0c177c1f0956ba9955200aea0c6a4949cb59802 |
| SHA512 | 03b94a1bfd340384479284bdabe520ba77a33a2ce267f7f8dd4b31e7e3ec072541f4c23c783e99fe1851edf49cf4f2d63f2720a1e43858db8bac7153edfb59a2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:54
Reported
2024-06-03 08:56
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3240,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4812,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5260,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6272,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | lv3.nhklg.cn | udp |
| US | 8.8.8.8:53 | lv3.nhklg.cn | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | lv3.nhklg.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| CN | 222.73.8.88:80 | china.toocle.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.94.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| NL | 52.142.223.178:80 | tcp | |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 14.173.189.20.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |