Analysis Overview
SHA256
4f9e37a46ec2c12cd0340a3c88a0302fda5f5db9d96a3e6084ed95a9d26ba9a6
Threat Level: No (potentially) malicious behavior was detected
Verdict for 91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML document (see the command line under behavioral1); every signature listed below is attributed to the Internet Explorer frame and tab processes that rendered it, not to a process the sample created.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 12:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 12:04
Reported
2024-06-03 12:06
Platform
win7-20240508-en
Max time kernel
117s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000fd492d982c2902a2eedf53df90d39b83f3018f8976401f59bba59e55bb342b1a000000000e80000000020000200000002c360d469ae24f495483e079a204211c4addb1af3d3238497bfab0be5f02367a200000004760f7d114c8dac26b0e62438d860df60b40ac507c22e785263a82b6cd5ccbca4000000052e8924e2536d2a1fe556eb26aa104bb10856403f094df7d107ec6ba954d0f211c815f8d006ec2204778ceb6b64ebe35b9bb4d4be00e0f1b96246eaeb04349da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423578124" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508b9666aeb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{666C65F1-21A1-11EF-A649-4E87F544447C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2416 wrote to memory of 2820 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2820 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2820 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2416 wrote to memory of 2820 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
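The four WriteProcessMemory rows above are the 64-bit frame process (PID 2416) writing into the 32-bit tab process it spawned; the tab's command line names its frame with SCODEF:2416. The following script is an added example, not part of the sandbox report, that checks exactly that relationship so the rows can be dismissed as the normal Loosely-Coupled IE frame/tab handshake rather than injection. The PID-to-command-line mapping is constructed from the signature rows' Process and Target columns together with the Processes list.

```python
import re
from pathlib import PureWindowsPath

IE_IMAGES = {"iexplore.exe"}

# Constructed from the behavioral1 report: PIDs come from the rows
# "PID 2416 wrote to memory of 2820"; their Process/Target columns tie 2416 to
# the 64-bit frame iexplore.exe and 2820 to the 32-bit IEXPLORE.EXE under Processes.
PROCESSES = {
    2416: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html',
    2820: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2',
}

# The four signature rows, copied verbatim.
WRITES = ["PID 2416 wrote to memory of 2820"] * 4

_WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_name(cmdline: str) -> str:
    """Lower-cased executable name from a Windows command line (quoted or bare)."""
    exe = cmdline.split('"')[1] if cmdline.startswith('"') else cmdline.split()[0]
    return PureWindowsPath(exe).name.lower()


def classify_write(src: int, dst: int, procs: dict) -> str:
    """
    Explain one cross-process write.

    'ie-frame-to-tab' : both sides are iexplore.exe and the target's command
                        line names the source as its frame (SCODEF:<src>),
                        i.e. the Loosely-Coupled IE frame/tab handshake.
    'unknown-process' : a PID is missing from the process list.
    'unexplained'     : anything else; worth a closer look.
    """
    if src not in procs or dst not in procs:
        return "unknown-process"
    src_img, dst_img = image_name(procs[src]), image_name(procs[dst])
    m = _SCODEF_RE.search(procs[dst])
    if src_img in IE_IMAGES and dst_img in IE_IMAGES and m and int(m.group(1)) == src:
        return "ie-frame-to-tab"
    return "unexplained"


def triage_writes(rows: list, procs: dict) -> dict:
    """Count WriteProcessMemory signature rows per classification."""
    counts = {}
    for row in rows:
        m = _WRITE_RE.fullmatch(row.strip())
        if not m:
            continue  # not a WriteProcessMemory row
        label = classify_write(int(m.group(1)), int(m.group(2)), procs)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(triage_writes(WRITES, PROCESSES))  # {'ie-frame-to-tab': 4}
```

A write whose source is not the PID named by the target's SCODEF, or whose target is not an iexplore.exe image, is the case to escalate; the same check applies to the Edge run, where renderer processes are launched with --type=renderer rather than SCODEF.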
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1DFE.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1E91.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85bcd97f35d49a4ff7fc906ea81dd710 |
| SHA1 | c0474b09a7f8f16bfa1f2b0971d89bbddadabe8c |
| SHA256 | 2838b6ae81282e48214604be43d8b3cf10d1ee0a3be18ac79c7d09da09d1a104 |
| SHA512 | 55f810b2a3013ca49504cbe62b5df9449fccdf07c83a0187d9e30f17b177fe4a24921bfea92bf407decbc53e6666e0d3d09fb6bba12bc30eb6a23fb5a8c15af5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6ceb1ee1c179eac789f8d73a7464fff |
| SHA1 | 6eb9f814aac83e1a0a98356d7fb60e3542482980 |
| SHA256 | f755527fd292c17289c29192fd7fb62383f7edd32d610a893ae8f64d78361b51 |
| SHA512 | 18c7bfe5820c0d59ed72d4d1756d5aa5b426d4fd51a18a324dd44170cf3fe3a560bb1fb8596e9ac3e006f7727cd02d1f39a4d177ce89e0573065373061224b0b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b53431e4e4714cc6e20d459baffda26 |
| SHA1 | 1e2a6601fe10b5277875ac17b4e6da548508a75b |
| SHA256 | 3a729b504f54c7123edfb2fd2fbbf7d00c6df198fc49b56500ffcdfca11589c1 |
| SHA512 | ddc5d72b87352a1127ecb9999db7e5b20fb55bc2517a26e6209291dae84c18f3f4a2fbde0a3b8ed4629dd477648dc969185adb6bf91bcb3e3dbbb17868b43230 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a53693bb66224e2b2e0e2b3c0d4f04c0 |
| SHA1 | 6c277e023875498b2c40403a729578b3936e6e47 |
| SHA256 | 6a62bd0c2a4fa7b7ba39c40e86c26999637da9138872c160ce5661272fdd274a |
| SHA512 | 6647889516bcd52fb3b05fe3b1185de615fc1894120538c2a2095e85fdf0984926174fd32b9735206f16096e3b5216aab580d8a339c3750625f335e4fbb982a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b17542051ce67ca52bdb47adcd2a95f8 |
| SHA1 | 073536d63391f6b71c5439a73ebd94a3cd2e052a |
| SHA256 | f762fd1b6cc03e176eae0baa0b032314d8d4f531c59683fa6637ad5ca7079d7c |
| SHA512 | 896a81cba7c98b2e3879a5927d4feee5b1375774ebf1ee47653b7a41fccd2be3c82e1f81f685578b40d59bce5789de7dbdab1a5c2b019396d7418c5092ce9630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 419daa44d036fcfd1956fe635613522b |
| SHA1 | a32476a1b6db2ea8e648010acda85a2e76c3f494 |
| SHA256 | c7ef92867a3a6600fb304cbbb6c6a63f28c1cdb64d3fa35b86da3b3de5033283 |
| SHA512 | 226fa148f7f12fe12fcb1ee03b5e5d02266baf931fad21add65cdfd4ef2b61bb6f0ba8e3627e60e2d8f43d0922f3d421c1395e43cf575764cc92332ebd11815d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aede037998ca76794d3e4388ef0b203a |
| SHA1 | b36cea2c7304c2cb1d7d3e84fba41eb07dab9ac7 |
| SHA256 | 75bf6669f710d2851597352b7006da3180cf38d7c141e4a13bcd5f0cb49005ec |
| SHA512 | a55434e0fa81ce250c717d6b3e21af730bb45a6049f6c61a3c0d0103d09209022a05f2a3365a5e4405a765f5e18cafec0ec52f96e8cc79ad208695f07e0187c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dd81cb2c375157990e0737bc22fbf8e |
| SHA1 | 79bb360744d036238e8cab38da895f1afa10d2f3 |
| SHA256 | 011e4650e64aa120ec79cd4ced70d83a51c6ad411853970482f0e13e152b3ed3 |
| SHA512 | 958c506f63b0fb2a56cba251b7cefd4818222f472cc4a235a373cb8ef9d38f582b34c4e38bfdaeb546087e54ff195f4f11c0d616fd644c0fd13db03fbcfcf8b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56176ea3d14e9c748b25776e31ab3354 |
| SHA1 | 45bc816f16af721fdbd62bc603a1526644abbde5 |
| SHA256 | a38314d2d5e0d00017dc308d357b2688899935e76755ce9f0387fec8ce453f52 |
| SHA512 | 3ce87825acc893e97cb70819bd722383d679c7a6b3fd7e43005fb1fe8fa541905807b3c4adc5c46a1fd70a5cd93c189fd21e55a8a331941d14f595dd40328890 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 76e0c07d816d63efcc800b394f9633de |
| SHA1 | 9ec184dadffd7300e827dabd2e6e53f6c2f5ccec |
| SHA256 | 6a598c9945b20ef39288d3e899ebfb482d04a96f394d62daf44e3c89c7090777 |
| SHA512 | 35b7295abd008f21cc924a9810035bf62414e657ff3e709776308d98c4259c5ef70166ad57700ccc3426ce4c0be364df2b94e8c1a98b85d750ebe61e1f6db1d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba0d8b2d1befbaed23ab2b98fafd49fa |
| SHA1 | 016f31e99252600ffbd672bfc0769be3c0dd611e |
| SHA256 | 3944ec4aa5b08f41a91914aae8e60bb9032363b6e35013556d3015e6877e45e4 |
| SHA512 | c22cfcc03c31363ef00c55aa0c1763e6504e14a72060832d79b0143377a2ddc74d7a54f2049fea3d26a0b41cadf0caeb111119a9a4048ad21b741a373d265798 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af99c48b92de6c93315aaafc13a5210e |
| SHA1 | cb8875fbcaf617d457d577c8b9fc8f5a9c404b54 |
| SHA256 | 879734502c06e8d5cb04c6900595b28a14311720f2d6ea82f037f26f29639fee |
| SHA512 | 37c0534de2e608917a1c9574f0e3ca76e641b9d29768cbb8385fd3f2e8ba75380d1bcf4e033e35ad6f48b95c94dca872c98dd28fe1f8e22aa0f77136193a9c2c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 049abf5cc18490aee9960ab2f88431d1 |
| SHA1 | 183125c3ea6108600554db0bd0b1269fcd812a1b |
| SHA256 | 9d92d32ebdf566bc4f50c91f02c7477c763be78ea63898bebd55c7dca9fdb58b |
| SHA512 | 489ea1d15c9c308419069e74bb89896df3bc5c78c9d4fef7002f99a46bdc1ef24f84c58153ff37e3d320157d53d69c9c47f09346ea0137836499674eeaaf15cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96b0e214d5587a37ca62d842782a38ff |
| SHA1 | 0a2a02d43f9491fa2530ff6cd19cc65133518df4 |
| SHA256 | bc0980a09b2a2c7395d3ce74f708d92c70d963f663b67f2e358fb04e7c6d77ee |
| SHA512 | 26a6761fa0211aa2c2f68ed8fc96c096726e7a8afb2115bf92545b9343d7bb40fd82f84fbb572d22ff0abc91da28eef488a818f80f0fd3d48e9e8d7d841af36e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6aecc7ee17719d088f8f6a326b0429a |
| SHA1 | fbfb986bed24f9caeed9206abed5229c1959b788 |
| SHA256 | afc2f558375413be48df3ba7f6d4a532893ceac7ebda2e66f1b39700bdb4f123 |
| SHA512 | 6d8913a5b5a4ae7616ead10fe5f09937e6bd4827ce708d8e94124e119a66bb0699020301f4c19d908897b637f13f6272edb9a0ae872126a085a7bff3ddda32e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dafaa7484344be75f40e102271d6988 |
| SHA1 | 98c57d74bd5311b98dc5a4ed4213fb1b2dd422e3 |
| SHA256 | 69f6cab7e7ee0a9e6b730e31f8d883e5091a081bea571f2af2a17028a9bc25fc |
| SHA512 | 76ea4b1b4d843878fb654accc35c00f793bd3011b4373bdcad3787f3959140892dcefd11a951a2f9fbae59b1d00c9553288a1380bc33aec06c7ff6b6fa587833 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab57bdb3ff6addcad39ae36f0eec7ab0 |
| SHA1 | 9aa230e4b96f1db063cb2c613b0eb337bf92d0c7 |
| SHA256 | 34101f3e201a9522bfc4258f17dc02a78f69762fd17250b3910ea5d41e352cb8 |
| SHA512 | a45282244a2450767458453824a2627c488ce3227b53a333401b6e134e0e084d91ed74a27f4de395a774068537db7e6b37a304e74451c757429c8555b80fa7ee |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92440cfde060d869252af858a6351bee |
| SHA1 | d75d5cd27f480e8a744de8e8aa0aad9777ce6871 |
| SHA256 | ddc9d8ef923c54277b8f786fa4da9e6bff03029ca7fec085558e1b52ce3bebb4 |
| SHA512 | e5c585f73e66865ad868ad9cb16d7a786010e25335b5b926274cee2e8fabc13ea87d8468ccf8389e4aaae9c37cb0d98a522b3b52e2153f1951823ed73f596dcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 77cc2873bbd8fcdca0cf0e0a93b87ccc |
| SHA1 | a4b158d6cc808e190ff83653258934230d98a607 |
| SHA256 | ecb6aa9713d454b7112419023bfc294bb4da6d54bec3fade450e6076ef0341c5 |
| SHA512 | dd089c559619d4caf91ec5d21d5e33eef037b682acd30e5b845da29a84608c46eabaae1c5744a115b6ae0fb73e97a01b77b6b5baf2c7b73af9c6809fac9c2eef |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 12:04
Reported
2024-06-03 12:06
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5068 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5252 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5556 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3304 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.71.91.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp |
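Most rows in the two Network tables are browser and sandbox background traffic (Bing, SmartScreen, NEL reporting, Edge static assets, Watson telemetry, reverse PTR lookups of addresses already contacted). The script below is an added example, not part of the report, that separates what the HTML page itself reached for from that noise. The rows are constructed from the tables above with one copy per distinct row, and BACKGROUND_SUFFIXES is an assumed list built from this report's own domains, not a vendor-maintained allowlist.

```python
import ipaddress
import re

# Constructed from the behavioral1 and behavioral2 Network tables above,
# one copy per distinct row (the report repeats rows per connection attempt).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | swapnathalla.me | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | demo.rocknrolladesigns.com | udp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 104.91.71.139:443 | bzib.nelreports.net | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 216.58.201.106:80 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumed list of browser/OS background domains, derived from this report only.
BACKGROUND_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".nelreports.net", ".azureedge.net",
    ".s-microsoft.com", "chromewebstore.googleapis.com",
)

_ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<dom>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
_PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa$")


def parse_rows(text):
    """Parse the report's pipe-delimited rows into dicts; skip header/garbage lines."""
    return [m.groupdict() for m in (_ROW_RE.match(l.strip()) for l in text.strip().splitlines()) if m]


def ptr_to_ip(name):
    """'202.187.250.142.in-addr.arpa' -> '142.250.187.202'; None if not a PTR name."""
    m = _PTR_RE.match(name)
    return ".".join(reversed(m.groups())) if m else None


def is_background(domain):
    d = domain.lower()
    return any(d == s.lstrip(".") or d.endswith(s) for s in BACKGROUND_SUFFIXES)


def triage(text):
    rows = parse_rows(text)
    ip_to_domains = {}  # destination IP -> domains actually connected to (tcp rows)
    for r in rows:
        ip = r["dst"].rpartition(":")[0]
        if r["proto"] == "tcp" and r["dom"] != "N/A" and not ipaddress.ip_address(ip).is_multicast:
            ip_to_domains.setdefault(ip, set()).add(r["dom"])

    connected, dns_only, background, ptr, local = {}, set(), set(), {}, set()
    for r in rows:
        dom, proto, dst = r["dom"], r["proto"], r["dst"]
        if ipaddress.ip_address(dst.rpartition(":")[0]).is_multicast:
            local.add(dst)  # mDNS and similar link-local chatter from the VM itself
            continue
        rev = ptr_to_ip(dom)
        if rev:  # reverse lookup: tie it back to the forward name(s) seen at that IP
            ptr[dom] = (rev, sorted(ip_to_domains.get(rev, ())))
        elif is_background(dom):
            background.add(dom)
        elif proto == "tcp":
            connected.setdefault(dom, set()).add(dst)
        else:
            dns_only.add(dom)
    dns_only -= set(connected)  # a DNS row is only interesting if no connection followed
    return {
        "content_connected": {d: sorted(v) for d, v in sorted(connected.items())},
        "content_dns_only": sorted(dns_only),
        "background": sorted(background),
        "ptr_lookups": ptr,
        "local_multicast": sorted(local),
    }


if __name__ == "__main__":
    for k, v in triage(NETWORK_ROWS).items():
        print(k, v)
```

The result worth reading is content_dns_only: swapnathalla.me and demo.rocknrolladesigns.com were queried repeatedly in both runs but never received a TCP connection, so whatever the page references on those hosts was not fetched during detonation; the only content that loaded came from the Google CDN hosts (ajax.googleapis.com, fonts.googleapis.com, fonts.gstatic.com).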