Analysis Overview
SHA256
4dfed58ec59c9e1ad506fc267f991e8f630a30897d99e9ebf7b48427319c417d
Threat Level: No (potentially) malicious behavior was detected
The file 91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:09
Platform
win7-20240220-en
Max time kernel
121s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0475238b7b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581914" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c68c7acd37044a41beb250e252777dc50000000002000000000010660000000100002000000080b5fc290aaa3485b96e71ed08f6e7297d5b245e63f98f3f3674935260ff7688000000000e800000000200002000000099b728b8136e1ac1229c1f660b12f4c8362fa969145b962420f796295981409d200000000f037c9a40b915bfa3a813ae1e1bada4ccc0d19a586c79c6f8f1cf55f803625c40000000f72462b451f93099afab8b35f88a3b422b098fcaa4b9e648185e9e46fe5bf05211df18096d38efd7b6d195af8ecad00bf9dc39272351be7c62ae099af51ef9c0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{397320D1-21AA-11EF-85B9-4A8427BA3DB8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 1408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 1408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 1408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 1408 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.g2rburn.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:07
Reported
2024-06-03 13:10
Platform
win10v2004-20240226-en
Max time kernel
146s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3740 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5720 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4812 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4412 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5932 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
Network