Analysis Overview
SHA256
6e250ea2deddfd987ae898af3cc271029a2cf5e03cdd287248633ae6ba096a23
Threat Level: No (potentially) malicious behavior was detected
The file 91b58f557714ec9a1e6dd9000e27a01c_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 11:59
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 11:59
Reported
2024-06-03 12:02
Platform
win7-20240215-en
Max time kernel
119s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE6BA5E1-21A0-11EF-ADBF-FA30248A334C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008f48f9b64393814c8e0fdb0e17b65310000000000200000000001066000000010000200000004df8cbce7eb55f36a39bd633030739c9d4fcf7fb973c1cadfd3b32689d7c5c0e000000000e8000000002000020000000caef99d428174a63cb704df6e7495a43e9533bbd7b738f0d7da093d473f44a6b200000007f103637581faa7f8b4e7685d21ac7260bf91a4f1ab76b59241fd7f89e1897da400000008429f4cbb3df07fd48fcdbf0e64ab43245873fbb450d836a1f75715a634dd1b1f6ce9221dcfa60ba48dcda360accd0dd977556e17246af04b34cd8fca5182630 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06b51a4adb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577869" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2756 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b58f557714ec9a1e6dd9000e27a01c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ads.cryptogiveaway.info | udp |
| US | 35.165.50.216:443 | ads.cryptogiveaway.info | tcp |
| US | 35.165.50.216:443 | ads.cryptogiveaway.info | tcp |
| US | 8.8.8.8:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 18.172.96.64:80 | ocsp.r2m03.amazontrust.com | tcp |
| GB | 18.172.96.64:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab12A8.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar13AB.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54a0f316e421f7ac8a1156557fff9703 |
| SHA1 | 22230d95c65c346b63658bf0e84b93b96f88c0e4 |
| SHA256 | 9be521ab1dbce7be1a371de56effc7bc903c139829253ac916b38a4d3893d371 |
| SHA512 | 413b3d27a0c370134f73c58d31f8dd4f42add5e16fd8487c9950c15c4f2e10c3eb80c3e2289293b6930a9f295d1238ba194ddc192051b774116e5029f7dfeb36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 556b23d438aae079235efcfb776c35e3 |
| SHA1 | e74da77e2439bbe3e7b55e477caf5465b2cbbf3d |
| SHA256 | c81fd7a4fc91c0072ccaf5fb9f36a31ce8d8f2c8b8ecabb3d6e50e93b4d3eeda |
| SHA512 | 7b988070ddbaf77580b5d394b2dbea0fa9748757d44558ddac555c8551111374eb123e6334933b162156d46e2db949f69e9cdb4810fff49dc4e7421b0a1d0f34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | 92f2a1182ce2173e2902555131f9036a |
| SHA1 | 0988a9171042978fcd0cf84276aacd084dd3d63b |
| SHA256 | 6c6b96bd9b95cfc1d5f283ec2d6ca8ca5fb207caaba18d445a32519e4cdf21b7 |
| SHA512 | 5e98ce38419dcf16c12eff27dfc527b57cd1e6d5ec5d6ca647c20b757f3d625aee61e5156eadc4cf6a3dd81900609b6da667a82b11f5df6c133f47a69df795e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c598ad1885f431752712f321f370c9d0 |
| SHA1 | 961136f98dd70cda203a979dca246e8093ead652 |
| SHA256 | 878493dc64595688f35bee3419aca13b817dd1758886976fca14687e7fd7f789 |
| SHA512 | ec8748304f3ee8d74fe9a00d6f1378e26d0451d5cab694283eac4d376701153d92bd1f0f5aec7063811dae78506939346db953593311feb968cf53b3c85d6dcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeec74f611d5f973f5edd70421181d73 |
| SHA1 | 521403a7428375bd8834e48254a6d0a5d1e4f9d7 |
| SHA256 | 816abbf96399ef6aa13a554b662518c002250da997f0d35aa0ad47363aaccb33 |
| SHA512 | 761cae040ade5c9df7d300822202a98adaca3375a3f93c260a8d8708f59e0b5bfe65099a3b2b603fe97a3d79c9ec8d529b314cd6be644e31f8355aca5cf28d15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abbcd0a83386c94f8d2b824765fba996 |
| SHA1 | 46e777d404dc4eb89a57bf294abc49508a634ac8 |
| SHA256 | 5a3ff1a2c7a670c8c2255b9622faa0a3036c7d0decdbd0e3b699288854852394 |
| SHA512 | 08095952d00c5f02340ee5f4420816ead30671a97d3ba46a20e94271a99d3d14f775459b0421f35fa18416caee3af5339f40360e209cb5d05c7cf3e21716f888 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3ef1da696393a97fa2481e7e083df95 |
| SHA1 | 7aa7f94e9e3473190c4241bf9b061de317758482 |
| SHA256 | d1aabad95423a56055d62c6e46e89d9638c14192014860e4b2bbe36953113135 |
| SHA512 | 326536801f7c282772554d7d84d140a4f31e17c20edd7d94f7afb75c383a064781e6f8a9e78986c03543506be891fcf079172d17870e4a61755d814ea10c5225 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2ac772d4e03c78b114c0e27cd439a15f |
| SHA1 | d67152eb60d4507d00fd2ee47cb5128bf5473ab2 |
| SHA256 | b5f6e30f6252c6c6f7bba0f9cc55689460719d4fb5a0cb718fa15c49344a82e4 |
| SHA512 | be79d1e01f1d0ed342916035b218d18a02aed702643379494796313e2afc5e4ed8a5f797b18d76858d4dbe6aabf761cdf67ab2b769c9bd2149f021b7d41e7c5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 385da85c82ac11d36c7ee01261a11705 |
| SHA1 | 7a47784ddc8ccbf05f51b09598369aeb9b0b5878 |
| SHA256 | 04e621a74ca906f2b63f73ab64a01200203f5bf53f50108c9456898d823c7bb4 |
| SHA512 | 6fb856a0d235a87abf8b303d670a9c304fb727ff2b55c996653a99931cbc5780935f41fa731e8f185064b8af124393f1eea3574d6c3923c0a5a1474dd626fe57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6371dcb9273d7f08663cb5a8343c486 |
| SHA1 | 32d0bfc480080237d5e5cd2db369a67b6ac217ee |
| SHA256 | d64459fb2aaf14b77c05f74a88ec43e36e93237d7747301a1bc0a35c1bd39d4d |
| SHA512 | 9a132feb55cc621860c592bdbcafe0a73221c0b5c6bd68ba4ed93fb75906a54da0efc625cda0fccead13c022bb8544f7310256dd7585003780c4484c91698f5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ea83a5198a23cecede4e001c5cccd4e |
| SHA1 | c0e25b4742a2a9634adb66436b33933d6c6be1ce |
| SHA256 | 8437e579f4cf403d5b9f28e0075c4d34ea024dc1089568b9585a5b959890595b |
| SHA512 | 6d1b60ad86158b04ba226cda919a589be0dff26e6457693a75f06943d5c1424309d24dbdf494bb08c50a3e7bf8ae4750c330b1ec9da92661e439aed1fb301c75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb3cfc292c2e381a9945816fcf40fa50 |
| SHA1 | 95172cf33ab3209fa4a75c738ff065c23a82e78f |
| SHA256 | 98e9e32845882851bcfdc24beac4c82225646e20c449590f3ff23fb964ba722c |
| SHA512 | 2d4f2355c292e7421aec48dd5fcaf6915367b61e9cfc69ba93d49221a437ddd3c9924afa4a7d384beff552ac6f8eeaba53274eb487a8963116cfdb40780b2178 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b640fbebce89f57dc3a2b652d292dca0 |
| SHA1 | 24cb67cd7979e9737215072cd3e02f4f9a39721f |
| SHA256 | 030a0e5f92f3b3d6ca8e844e413b9dc22287ae4eca99ec477f63028d16f83cee |
| SHA512 | 59f041f8552dc405bec71a8c77242fa928a2992790880a96aa2f24a4ab3d5b51e4db52887d55b1eee86a8227dbe289394a0a306ec6c288e8482515aaadae9176 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1acd7a39ca63766b4e1875d008dffa8e |
| SHA1 | e6b79b1d029701efa973ca746bc5217042d63a33 |
| SHA256 | 3c9b3ea25361fd7a7f095da4a4755574e0f5002386c56c8bd8217734be491bc1 |
| SHA512 | af48c55f9406129a01cabdc8aa2f07ce58201aa717347b4b76c6ad4e088c0a535905c6995e0f778635e8a1db8323c713c3393b1e5a08b8f7449c6103b1820da5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 913c8e91023f5fb64868555e34471d96 |
| SHA1 | 00f2cce6ee8635d27dd91e773b40c818c7e157e6 |
| SHA256 | 8854b180fb2a9139b0a8887cf5b199d24cddd614a5ba5598be84a90b7ea92a4a |
| SHA512 | 1e93ea45b74d16014dfc9eadac3abad6c18d1848171300ea4cc2c2f33b0899ee806111b5f5ceef3824ce135ec33b0697f2f50284b057f3c23e2177b2dcb48405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd35133de6807ad6467b8dcb4c58b96c |
| SHA1 | fd9b0835a18cd1f5cf01c2796c393e5df882050b |
| SHA256 | 4f87f2f10a8ab7393e59bcb59897cc47523b1719b57c1dc21460e53c330576c9 |
| SHA512 | 54fe448c23be4cf7866c5149623c30080d2b051331601d7f6f8d0922f096135abfc8cb005ee5649541b4f055203a633373daefa9de2203c106e038bd97de9e32 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85d94c127f62f146fd8371d5c5c59efd |
| SHA1 | c3d430ca9b1cd2db0daf1ccec5e844f8c82499d8 |
| SHA256 | 7d50b355ab74fd351265a0089dfd3cd126afa9d8f3d63bd1564391eaa89c7e30 |
| SHA512 | 12e38e0602acb7a227d3c6c8a5ee5a1314a2d90a9de1430ab16d3809ff3cbf08f077f6de6210947f1baafe4b7684306e03b04ab06a18e68b55d9931ff644eb2d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 28df787b46bf35b2d7d874bdfd1d746e |
| SHA1 | 4c2a0b4854666dc0a50f342843934dcd53901a72 |
| SHA256 | 020f8464f9ac149447ab180ade14aadeca52df66799045e87f80d4bcae1275ab |
| SHA512 | 316e643dba2803dc530968108e3b1a740d689b8565786aaae8b7d1824a0cac6adca4b438b3d899c346a4f2d0a6af7aa3d72ddaedca4308ad3719d7f906e3d103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e58e12fca149daeecc664684bad784e |
| SHA1 | e5b67c6702b8803b38e100fe67a653779a939c9d |
| SHA256 | 64184b2278eb7102b170267de5ab446cfcd40231ba91c0e00115406140cf280f |
| SHA512 | cc58504c314f45227cd9217cfcf4892fb4e93665070a50a6c1ff8d83f88c9aa537a1874414be9ed556ff55e67d30d6c17381cf2a5af0b1004041d21c45da504c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d264d9ea6bdf5d7c1b6f9c6cebce495b |
| SHA1 | f17df8eee420814ef78d54a81fadee496a6d8f6e |
| SHA256 | e7e5703867118e3508479521e3807dc9e019c9d27af1323e821c1e011b7edc15 |
| SHA512 | f916d07436c39ab53d6fce03f5070091355bf0673debabb80906f71e2e22f1c9c7c7a645e38c8c44aa7f818ce7efc80d3a4d59784135313b05cfda532213d1f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20b130a58ae11d535ad440ca66a1a905 |
| SHA1 | d54fa4fe9a7000665e4e1ac9f5d69d4c34ad4de7 |
| SHA256 | 6a395fca0f4cf77dcedd4ac619e02f883c7ea7393959eb68c576a8108e064eba |
| SHA512 | 383d6efdace0bfa36ec456f03a0c96d6ab3b403c74ec0a1b6a542d556ca9325a082765050530a0972dcdb6c6f306cb4ee7445e5eb051d4a27ffe14621a020334 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6296ab71d609aa28e812b94ca2039e31 |
| SHA1 | d237c219559b5d380a4d0227a506c05136f3a924 |
| SHA256 | ae2208e1ac19659ba86d214fc80e53a0c242aa1ae38924194d5238a75906e160 |
| SHA512 | 07fc9734ea4487c6c082922c377fad5a933bfe8c269b72fab81a0fab6b3ffd9970c660fe5597ec1973104188dd5a435dd1c4fb1e44db394cbc242b8e9e368041 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9961d5ce59f977fce00ecc71d13ba75f |
| SHA1 | 8006f538a87dbc062424e38e978b6460bdcbd31d |
| SHA256 | 90e4b63ef4af3d9fbc48fcdf85d54bbedf27cab8719f06b154340ce70911cc33 |
| SHA512 | eb2a15fe890745c9bc9f5e592dc62afb7cc0a470ab9449e1f3dedd4f600ecb43df399b8443cfa04277b09c1c1fb97f96e6254b03f356319e37cc522f914800fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0660bfaf55460bcafd8218514de314db |
| SHA1 | 96fef1ddcc7b1a1f38f16fe588f2cf233285ca29 |
| SHA256 | 56256ed8fa40384a9f48db3290d278c2708ab4023d9c0153cea3cc70afab4c14 |
| SHA512 | 49cc077938b6a6b90add3595982388aa9985c8a541290b10e6a28c29b81a86e2ccf5dbc405f27db0b2a3130e389921d7e8c63f9133eda69bc24768332eea6331 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 7a0c136a1d62247becd2c5a00c716c07 |
| SHA1 | 1478c53cf1ef8bdc25476f70d5a6449c71730358 |
| SHA256 | c1f6206921409caaee45a6857885cfc8ed99c25010a30a79311b4165361e1eb3 |
| SHA512 | 240b0fdef6d19f0f284fc6791687fdc0d4e49ce2ab262c28438b3f04280d4bc5a304d3bc2e7c9239b93ab366d0d62b15c0a4c249fe2603a06e7942ff6507a9fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3482c8aa9aee4ae13d58e0e557939aa2 |
| SHA1 | f26d39a9f3d274a147a8608bde97378ee3e92602 |
| SHA256 | 621672dcf12cc6bbeafd051ebaf230bb14bf28f03f8faf9960b12b08b83f0169 |
| SHA512 | 1033a0fc6f006bd46673070af396931de9c830415c3c2900aa98ccb92154a27350949c80196a9bd317de5b5305b0aab28d77586af21ab0601ce776a12efb3442 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 225ac83758f5794be5ae2c6ad96fa8cd |
| SHA1 | 37d4c22a658bab1dfd397b6914348d2c4ecae539 |
| SHA256 | 32bd0ff41ac1623864bf3c3358df985ade7e3c55c686af13f97ab36ce6a01055 |
| SHA512 | d8ee4162b5a235de0f826d13a079c41f1cce3a6ef355bb68771936fa144658a5d96e7c6b15c0f3fb68c87d09092033340b43e7c017bc9af3c8a9e2425a4ceb71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8c4cac6ac217e6799b47eef90dcdf2c |
| SHA1 | 111d293255961dc32cf06340699b792777f7e053 |
| SHA256 | 93d019ce5ffc0cac38a622afef092a451944216978ab7e37a09d8781f9511f42 |
| SHA512 | cd250e1467273869ae6b88be51492c30b24bdc128de27a8f584cc2bcd4f81bc5376a0d1044a43b8d833df43cb147b9dbf5d7f8ed08ad9b3ade8cdfb5a5533457 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64b7fce9a13484d2b07944df8bd9b7a2 |
| SHA1 | 68c4431cf4f4b76278c5d81bacb25e5c043b8d64 |
| SHA256 | 94a5098446ef50acab90ed457ed3b3f3e5259a205832e5a25ba0d3f42aadf4bd |
| SHA512 | 5e4b5bada9050b186ed9bb20da70c120bb80ad35c6a4dcd891ce0e01523ddba344c8827c669f2225c8f3be26b3b631ed078f71d07c7239cd2d9983c0986d3f39 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 11:59
Reported
2024-06-03 12:02
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b58f557714ec9a1e6dd9000e27a01c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4540,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1016,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5188,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5172,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5368,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5808,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=6060,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=1012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5548,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ads.cryptogiveaway.info | udp |
| US | 8.8.8.8:53 | ads.cryptogiveaway.info | udp |
| US | 8.8.8.8:53 | ads.cryptogiveaway.info | udp |
| US | 35.165.50.216:443 | ads.cryptogiveaway.info | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.50.165.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.73.42.20.in-addr.arpa | udp |