Analysis Overview
SHA256
366f2b0fd1f3ba029b334ae3ae2d4923a2d81a59a97e8114ca3f6035db1cf112
Threat Level: No (potentially) malicious behavior was detected
The file 91f25bbc042f3a45bbe0886f4724ce26_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:26
Reported
2024-06-03 13:29
Platform
win7-20240221-en
Max time kernel
118s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f731c3b9b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB938D71-21AC-11EF-8859-DE62917EBCA6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007304fa0496ffd34db2de64e9ef6b73a9000000000200000000001066000000010000200000004dd31f5a1b1cffe58f2e0f4b06abc96031e6d00f002f9f171cf2fa2782bac0c7000000000e80000000020000200000004ac649e59bbc52ca33a5685d102291e1b7d0f7b44bb7a5430d70d12aca9fecbd200000006e37beed8afb481b2288d5725612164c0dd25d0c126e19f9f1df281d181067b640000000663a62bc202d28bc8181b4b22bec7d857815c5ca5c6c800ac42c968462c8ecc037041bf1aec6051146e6164322ebd9651257a875504f09f6bd804a6fc6b1bee6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583074" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1728 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1728 wrote to memory of 2768 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f25bbc042f3a45bbe0886f4724ce26_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:26
Reported
2024-06-03 13:29
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f25bbc042f3a45bbe0886f4724ce26_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4056 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4928 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5596 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5556 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3672 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8
Network