Analysis Overview
SHA256
94bd0db442a2d581461c0bf844f26f1bba05e2dd8cb54beeb93c91926f2c42c1
Threat Level: No (potentially) malicious behavior was detected
The file 91e16612f5407a373f2057f9fb792514_JaffaCakes118 was analysed with the verdict: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:02
Reported
2024-06-03 13:04
Platform
win7-20240508-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000228c4ac56c9c58e940ed41860b4de20dcf17f0a94759a32029bd24e41a34992a000000000e8000000002000020000000368bb1077d9cbe44edbfb10a7f03a1e234d347c08145bbe8babb9aabc06329dd200000002030da36707e60f727bc0952d3b35a34c30406a7d08bd48bae32ebe70da9f006400000008643fc978ae25d28d091d6f9dafee12aea710bbdd3f3b2bf2492b1e42580fdbc5a76bb73efd6f9a7d1175580246a6e8180d99e2af3eef0b612cf224e601e23db | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06e7c53b6b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7EDCA611-21A9-11EF-B023-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581601" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1920 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1920 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1920 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1920 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e16612f5407a373f2057f9fb792514_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:02
Reported
2024-06-03 13:04
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e16612f5407a373f2057f9fb792514_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3920 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5744 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5776 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5516 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6028 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
Network