Analysis Overview
SHA256
843e2219514edbf1cd0011b7f3dbeefcb305daa4360603f086d07bc4ab1f420d
Threat Level: No (potentially) malicious behavior was detected
The file 91f0e267f4b28bffc70e31cb06e597f3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-03 13:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 13:24
Reported: 2024-06-03 13:26
Platform: win7-20240221-en
Max time kernel: 135s
Max time network: 128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9119FE11-21AC-11EF-9966-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0f3a566b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000feb34d3f869f384db35fb338b6fe578a00000000020000000000106600000001000020000000a8923c3f04ede1dba80f14cb198cf12100cefb9d22793f8e5d26aa7199c65e35000000000e80000000020000200000007aaa727072e22a9f13bfd302636bdb2b4442ca1535d86353becf52b91ae3bc0b20000000df30f46376336d63d35cba80928cde8b5556c27fa741a7edb08658e106733857400000009f1dfcf385886a7a186b47c79e3d67adba21d61c2ba71f3cbc9a16761c5496fb29e86069f8166d0d207bc71b10e8d8fb1fd0fdef6abfe51a70edd965659a3c50 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582921" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2156 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2528 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f0e267f4b28bffc70e31cb06e597f3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-03 13:24
Reported: 2024-06-03 13:26
Platform: win10v2004-20240508-en
Max time kernel: 134s
Max time network: 138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f0e267f4b28bffc70e31cb06e597f3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3980,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3948,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5284,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5356,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5868,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5360,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5828,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
Network