Analysis Overview
SHA256
2bfff3b3721cbde44a77ddbaa417dd76104b51fec3b9f253ca542996a0c12c4e
Threat Level: No (potentially) malicious behavior was detected
The file 91eb6c261f0d2abddc36ef9a97934dc2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:19
Platform
win7-20240221-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{90A1DD51-21AB-11EF-9FA2-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000058bb515ad58f846871bcbb579d84c34000000000200000000001066000000010000200000008845dda3bad087c5205dad9ec54f8e226b56b7a35304e5e3a029d3fbcd05c0bf000000000e8000000002000020000000d0c0a3f335a2ab083384fce34d311b06ba6748756e6e34cf19a584f82bf2438520000000c3653502fc3c4cb54c127a0853f7b3f48b08a60a235b310558e1ddb16f3fc13e4000000051e58f5eb6a41905983df1cb89ea35c77e7f5a55a2da6520096fe197e47cf49f2ddcc98e8ec775aa703725625687374ffac881cf3e96f7a084e4775b79c6ecef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e2db65b8b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582491" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 856 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 856 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91eb6c261f0d2abddc36ef9a97934dc2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabA7B5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA8C7.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7597cc7ee1e3b57929955f8a7e4f643d |
| SHA1 | 138bfade8c84f27d4faa42f34e9d57380947c45c |
| SHA256 | ae7edca831faeddfcf502a97fc333af64f457234b669302d4fde880f4a35efe9 |
| SHA512 | 1a9c60afe67440a853c44bb5a7dba3d5af4fcb9e7cacf08ace89f06d40332375061fcc2e216819a3a927e763eeb417f118ec929054282abc27cf3752a9084658 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c389472c7b9e3d260a73bd2da8acf6f |
| SHA1 | 3e6d2654809524ce304de748e3005d83d9f5b068 |
| SHA256 | 8491a1e2b26d2f6fc2aa04fce2b8da39247b55afb358c883ae8cd73322ca9576 |
| SHA512 | 1699b5adad8e1dbf4eb697cfae49dd03e0534ff127d327190cde068cb6d96df3c84e26ca488127b8ee83d43464dae7d50ade1e3ec0af8d45068e0811ded1df8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f87fab5dd7ab03e88ab94af0b5386d6c |
| SHA1 | 65a5c96894cc9aec5ec266201b2746ceea156bee |
| SHA256 | 49450e3060f805f01fb8dab9933e59e3a87e56345911e307635080bfc284a5f0 |
| SHA512 | 52b0cb931feeb5d464d2854d1df81eeb4c813b92f2af386592753da5dea3dc7bac297f1a8541248f96a6e8c5c714f1af44309b73cc61932ac9c20d2f285f1711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 916db0a12b13b696c276939f4d7f19d7 |
| SHA1 | e8c093a2e56f35b858ce15e0e9e0eb203884bcdc |
| SHA256 | 86fd364d20bb98c3e2b68f0680fe8ee12252b9f265a61325c9af95c1b0d063e2 |
| SHA512 | 336d17409368f33589208a3e171e0db4548a53522a0c4d332fb314540b8a7eeee82522504f7cf8516066f3ef4cd927d2c305f8cc6ece12f8f11cb694b5a0010c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6db608bef1740ebd7c4ef72511e82cb2 |
| SHA1 | 77ec282382f252330b90243a2b189d5f2bb7919d |
| SHA256 | c9838130a86f71ed467540dca8c4a5113b3a9da7a39ca1ff9c59c2c75323bc6e |
| SHA512 | 77381079c3b1df9137dea1bc10253912e8ec4f4d2331d7dd2a51b5b1fd0033e76d2fe1424392024c17068be30a139093d2fc89cb85e5ef459276813861ce7d9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23b9e597b495b40af21d0f9bb20c9c63 |
| SHA1 | 9c19627c94c3ea3f907cdcd27b56cf187ba136a6 |
| SHA256 | 7030ad885d6b3a6c0fad664d35585c0e1586035d91e6a510ffc006057bab8fb7 |
| SHA512 | 3a04fb2a66cc5d818884d87c0ee035e140e999055a04af96e4b458f91843fd512d950cffdf4af34ef5e5090f7752166f25d76b52868fe646423fc9400509dea1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d54b24b7e08aaa5f5330ace27e3bed13 |
| SHA1 | 8ecc5dc7584e1fc9d779869e5363b18d0c5930cc |
| SHA256 | 74ea863bd1328a3c1fe4f998e6fec8be775f197e20e62a9c546a0d8b4c204d46 |
| SHA512 | 6977eeb17946f19e4a778bb53fc3961c1248782430ae1b9a772b68587ddba6c8d19596b22e8087caaf34c4ee0afd79bac39056691d5cad482f12ac3164bf268c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fb0b2f5fa3d7ee492150865cb3a7aa3 |
| SHA1 | d4f04dddc405d3b14dee1f63a0f137073f61e9b4 |
| SHA256 | 047b02d24803b9f7879db1b259b8cfa6ddd119ac5aaf47aa19860fdc7c24abca |
| SHA512 | f86b51c8467b0fcdbea4a89ba60f64f59b648b80c7ddddd24d7ca7d4ed3f24f0f4baf48eea93f2deecc76b81bfd967d522295eef4b294d08d2ddfcafcf87e6ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5dc6dd4d2aea7203aff4d91483bf3712 |
| SHA1 | 14766cec083e105d5425f4613e95ab0082cb7697 |
| SHA256 | 8674881671e84da627eeeda5f900fde1ce988e52bdf066c4d1bf967295176bf8 |
| SHA512 | dcedddec630be257362b5263568889754bbe5fd934d67e84190cb067bdc49fbc3acdb7c5e40122408d0ab5eb6ab44d118f4d2721cbeadbc4a3c182625490e23c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee5e12f5510f1062019d9bdf204d191f |
| SHA1 | 9feacb0894fce216189cb38740415bb9116b41a9 |
| SHA256 | 22199aeeb2a656546cff99b3caff3ffe1296344ec7b3e326c34c1e5efb1a39d3 |
| SHA512 | 3e33dc27b73f51a0073bbb9ce29c77bebc7435d2389cf3144ee92d89f220db109f0482024161106ede06083cf816c78d73d765ea05473ec7944be104592a21c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b4004bcb0965be9871a40835392aca0 |
| SHA1 | 23219e114d511a439fb26bffddfce226583b6706 |
| SHA256 | 615b45cab34934aabc431b93797cc4e3d96bdc363a026eed407a13a39c659d04 |
| SHA512 | 77d560518bd47483502ec33904117fcbe0da57a8a1bcc1cc884ef3826fbd8077e7048fb92d10bbf731298eca8e7af5b5a9e77ac25fca49e4a97bf9f0ee9bdf8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da8c961205a2a5294b7c7cd548764596 |
| SHA1 | 1fae4b3a8cc6d1e4f1ff1af84565bbc98cc2ec94 |
| SHA256 | a2e4dde46beff95f7199f802d0cf02323f9369075e57282b6579d1069da7bd00 |
| SHA512 | 58f8fea4461822cec7d16794097446df859407984d02c337f39a98dac4483acadd7a5663cf7a342297516d8ee2d3427a917c9f6a07aeeac8eaae8a46e7ff1478 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34062e2c67bac774ab46c6b122ceb7bd |
| SHA1 | bd27c2c51c926a6dda08e3a6f5b0e5e388403623 |
| SHA256 | 80b51fd08e25cb9144f6a18a0ff4dfe99e7d35f15588424ece9c6cddd8bcb91b |
| SHA512 | 4cb8cf8028f026c9c2fb9ad1ce40414b2dca79c29075926a78df7ed0437c96c3379d8d05dd9f275bb07aa574f7c215fee0542ace16e6e62e490714e4866905af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c4d2274df0679f509149d700ced89b7 |
| SHA1 | ea6ac9afcbe005826446d9c944999707a71a6dac |
| SHA256 | 0e602e69e3d952dd7c0c0f37455addbae0e1ec922148b8a364e8371e4f6047eb |
| SHA512 | 5d015489bcbfcec967ad70f3df9d49546a579346965ae6acbe2bab9046dcc98146ad94e967f17d913731ded3b308d69bfe7b7f9bb47814e679336b2ac71d1573 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc6df627a27b1114afa6d03fe21dca6d |
| SHA1 | 67b505a40b712b3698e58f9a1c8d8423a34da1e6 |
| SHA256 | 1a93b5ca142b4fb7b4143fa2dfe4170d24d4c9f5c01bb0be123d732bbbdaaeb2 |
| SHA512 | 7f0187f9fa1349f64cf88aeee7dfc94580f2b67d0b4435e9c79ab1b0fc314c2de5ee5e92860cc30c217014e0040d90b09a5a82af5c966945b379cbb9341e7b84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e40b3529fc5f3814442115fbd7960e65 |
| SHA1 | df834d3b4dbda81602718b187f1ce776a8ce5636 |
| SHA256 | ff7e94e3129e1572d351126961f9558a296a995cd91c30868ebe0619966c6c2a |
| SHA512 | a96ac1d5cf2a55068298474e256c9b3a9dc60306e1a311a3840a9463a0c001cd3cd1754001b4cf233fda47fc4d58bf0360b83e9ac207eca74f7dea6cd16c3f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5acdc70c3dec08b047b2e39e564f8f06 |
| SHA1 | b5b83f196b788d71390ba97bc09bed3aa77d5e9d |
| SHA256 | 4751823d32b8d666cffec39d93b94a6012387e5be51c9c93691b3475faa4d29e |
| SHA512 | a40f07b134099a6611220ccb5feb9a9f92c1e0d03985aca1fc0c91c5fbf7db811da47f1381f1972d2511ce688efacb16991d32ec919a55d4a6fafdef1939ba87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3ec0dd8799d7c50970589b6312f59c3 |
| SHA1 | 039cee562d224055ae56d7ef8740a878b706c017 |
| SHA256 | c772a39dd0622913ac8d3f5eda6719bd26a5d8826798f46aec49bd2773254334 |
| SHA512 | e16ab91b368b197dcb3919bfacd47da902899a9fafb41c1c245d2276fb96398da3447a16679e0b258754b366bf9442dfa96457540e6be7c0aa33dbcb5ba34447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b18f4ba3b109562dd737fc408d543635 |
| SHA1 | 63b9ca069e284f1fd800bcb9b01849534e598137 |
| SHA256 | 97da41ed53952cd32bb60dd6fcfd8c0c09c5b07534efacf83722979e142a73ff |
| SHA512 | afb81fdcbde46d2dbeb9dd33ab2821c403f67b9cabe41e9619442ed426c2cb25903ab10bf40477d926c6088c0ed3aacd4049d2e33904541a0157dd58e1185831 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1976fc609e58c9b253da84f671e9990e |
| SHA1 | cfa1f5f9e6da993c29806f10021ce971e9698782 |
| SHA256 | 29b63abe792c94b34918e0ba41fa31ff0a17b3c2f3a7dc512b8421e0fd3afa89 |
| SHA512 | 53e28cca5951d666ab1ddf1afd97c2294f38ff60fe3960836fb5429705a4b6875d6d4d9566f356c920313c9bfc29fa90607af74f7950794309aa954415240768 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd12ce38250145b20ce5c0edfb7463f5 |
| SHA1 | 96d0ee263a792ca2ac9ea6ea03142fa772af572c |
| SHA256 | beb73cb198442970ef0ea13f09d4c4374c5efe552c5c37fcb8094652f4bf940e |
| SHA512 | f1f3c0165252c1d6a74511b5b50e3ac9d0a2ee9008fd8af851e26d993477c2bf7b6789155c210317600236092999d8e808ec1644f56da690dbcb5973e58743b3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:16
Reported
2024-06-03 13:19
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
140s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91eb6c261f0d2abddc36ef9a97934dc2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4044,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4616,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4668,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5440,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5460,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5812,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5844,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |