Analysis Overview
SHA256
03afe5fb1dcf5a7e98a28cd75b4b1fe65cd4c9accdefe89c29873329953a0013
Threat Level: No (potentially) malicious behavior was detected
The file 91fa84e8cbcfb5a76fdec8c912d20437_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win7-20240508-en
Max time kernel
120s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C1D7A41-21AE-11EF-8189-4637C9E50E53} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10d3f141bbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a230000000002000000000010660000000100002000000050b534d07406d28667f51e8df5c47d8509f9e7fb1beab692b3f14b6cbb5d675d000000000e80000000020000200000005f6c3d5d55dcf24a4cf6744870e77b5c9162cfc1f208ee6cd20e96ab9701af2620000000318822190268270c6efbb67035b4e6fc35180fbe4fdd566c9c63bd263e2d3e7f4000000084b446e9824bb23413e5853207708c562320df22bf4db3b0228cdcd9dfcc1a16ee0960b099ea1594d5b66c259a647de96db82856b26585195247e377979723ee | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583717" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "18" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 1680 wrote to memory of 2700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1680 wrote to memory of 2700 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fa84e8cbcfb5a76fdec8c912d20437_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.foropoemas.es | udp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| GB | 142.250.187.226:80 | pagead2.googlesyndication.com | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fe0.google.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1b96b4b098ecd0e07b18d7bff248b1d |
| SHA1 | 4697803fdd923dad91927de20c84e24786ad866b |
| SHA256 | cdb5abc106a2be65a3f2b7406d8a5209738bae4f46da9c781f44b5d117ed1f3d |
| SHA512 | 96b86779f447bb7f4dd9f34e89bda299fc89dc0feec4b0cba8a580460e79c2402f35b570f54ab641338e18cb4ae0a9c67c02c8e421c52a01a7a22193be21bf26 |
C:\Users\Admin\AppData\Local\Temp\Cab3100.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3103.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar31B5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c691d99de83c7e9a7a7f8434282a0893 |
| SHA1 | 238457a2cfc32ecd3eb4e99f304b92c14c109928 |
| SHA256 | fa985e5d614ac1e3d1b99dd5ef29fcce0f706643b25cb64d09e1695e6ac4e7ee |
| SHA512 | f8be1c2d30a09b431efbe9f2a0d547474c51218a264a3efafe78277b097b2873ee6d87fa9b4a2c58f42c65241373753f7e2d0b20f20a14757eb594adab5f53b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93eb09f4b2410ac7ad6c725c3691177a |
| SHA1 | 8bb5615c106bebc476135888d64226c0bf1f6c7b |
| SHA256 | 758cf99e67e36335cdaa6a7583df0767f1aacc518186d40bef7581026554ea0f |
| SHA512 | 12f57164b23010429ab9a5a43dd79629e8f86ab4dd7902fc5ebba4920dd9edcc582d025f6d4bd3924ae791afb1383ac877e7496904d97ff1c5cabc50eaae322e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f16c1d898e00e88c8834b14ef0021456 |
| SHA1 | 8521cc2e83581097c28fd6fa94e9c0d13e5fb00c |
| SHA256 | 5fd5b94c05d7085da545b74b4b6359726ec2421be092c9b4e78ad61a2b4d5f09 |
| SHA512 | 382cb7e1e9c9f1584435a9695b924433dd3549eae52899d2a49195eea80ab8d2ffe2fdfa8a7bd3d025c6c31201cf96ab38ae921c6a7361d3356c872f41fdce91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2414b5b54e4aa4ae6e400730aacf054 |
| SHA1 | 6d1480a5becd201dd86d02c19f87f06aeabc9e37 |
| SHA256 | f48bef47967e30a144807aedc9dbb15368d3118603d3a9300819264add2c2265 |
| SHA512 | ab77184f64e848e71eed1825855e0a9591e7c12315c01952c1faaea13568fd7d091961f2f53877b284afca6b5074467c76706fafb8770552456ce8abeaceeab1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 105e981e897db96111777bbb2a430416 |
| SHA1 | 2a131d86e2d72745420ed7154abed6a5f01fa9d4 |
| SHA256 | 19a709da363b5fb388394e8a178f72ae5877f044284a1c1b1e809ff187919f96 |
| SHA512 | c6b975fa2136adad1df7da71450c940e9094bb703cf502f61cb6479f52afd9d4ba18d659757c7ef6ad7ea5ce6f79f0506e0d35e28f92fd77493f56f410dc0d89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8c405bdf534ab5ed4cb12417bc9694c3 |
| SHA1 | e69ed5076dbaa97b2e8810cb3731db4bc115ec36 |
| SHA256 | 30e3417fa68bc8394b08126187105fefa5f11c1405e1188743745e8d610ca9f2 |
| SHA512 | 3520ab5c561df4eac263197777bc58d42535db3aa85cbc0668079a7dd409ed552e6b45bf76cd9897c4086f3973362eceafddb8680696cda6562251a679a0aed2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80c2d75929a48b19881fa3caa16e7b83 |
| SHA1 | 73f547dae03cd19eb7d37bece908213990b0d304 |
| SHA256 | 5f55ffe92127880e8295f890820fd402de83daf8c193216afae030c1c8da8fea |
| SHA512 | cbd4375b7cc851c8a5dc8ba7be3d4591ac71c7a90e306c09a14b1fd3e858f292500df0ff527b0e96026ad3e7478eb704f42536bfff0e6ae406c1fcb0b97ed7d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb7eaa721c46bca9b9b3cd9001555c66 |
| SHA1 | 095e8fd72cd8f53d676da613c139319b010b6c23 |
| SHA256 | 539a47e796d111398d803f31ed38bd951e82b0dcaff86c25c659ac43866ad2b1 |
| SHA512 | d9aff2f73e12361893718838609563656029445f10928a486d83b09e19b447dde7d9740306fa2ad3bf70859c51b5e141d0852057b263dfd2cd3a44df9ed94aa6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 028c91169a6195d8a6337aa5e7102fd4 |
| SHA1 | e77dece30f38ed5d3066d665f0d099ca80442b33 |
| SHA256 | 278511805003337ced1107d4b2d9608c1c108eafad7434a97ed46e0ea313c323 |
| SHA512 | 5b5d4dc1d92cae9f840b060e128f1ef5729b8c2090aee0ae109d5325c4de712000229c687fe8fd7ea7e5c18c97bbce3d2dc9b4aaddd8e57da04b929a8315f7bd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45924e4440d97d487ceedac4647f5561 |
| SHA1 | 9a39de686348705f78a675adb83e2d3f91976acb |
| SHA256 | 2f5d6db3a3fc723a6783e2a29e8c294699e7c34c42d79974e234af4ab9eae26d |
| SHA512 | 348d915234cc64b644e7fd4dd2bc501960edd8be80092a52167b9d48ff0763e8e872662c4771905b9985b2c1530c954d7dbb0006d0e4d5b17d04a6dbdb5b2cd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2988adbf7f0a2fc4f2256dfd89fc0b4 |
| SHA1 | 53520cd425e417b419f549a6182738c43392ace4 |
| SHA256 | 87f26ef2dabd1cc0ceda5276407608be2835fd80b6e0c8ec6ac0142f1b5cd689 |
| SHA512 | 848ee9d717500397a0e2e4a4c74a6565297364505fa6cddc8801570fc463ffbeecd5b4af863848c499c2f3d4d4cc758679c7bb5830f2ba3a532f2227702a9ced |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd2139688e209c5df678d0e0d9857b63 |
| SHA1 | 8ebf2cf2de7f774f568938c693ddc773729ede99 |
| SHA256 | 82cf7783c3f23e3e0673aaba24d9e8ac5a656e3f7d2d7a4251baaa195aa811ee |
| SHA512 | 01f615c25968a61658eb679f73550ad6319ce21a94c9f40e066945aff964096ffabd9102d824c29b813b32ec390cf38bc83168be7efa0b7d6440ffa11cc1f9f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 930c34312bc17d42d214fc1fde863b6f |
| SHA1 | 79176038b21f7357d2f58d9910ae9fe133b0c2b8 |
| SHA256 | 3b71c1dcde8de0738b29eda7d8a4a6b7fdd76a2e0b836f5841735bad3f891209 |
| SHA512 | 681fa3b3881f7305c503c12ec88c2b0800df1c66a26d0e4da8dd844a4ed99b2a13e923f13accb99c8e3be5d84ac011970fa385b7f97965109a9418ae41b705b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad65382fda0c13fbb3d92d16810c1bee |
| SHA1 | 8d7cd4e550d7e23d4a4cda888687fb37747062eb |
| SHA256 | cf57fe5d6bc435fbb84cb7239dc21237b209e7bd8daefd1363be7e4145fcf817 |
| SHA512 | 0d49e92f64dd58e6c57de8831174b540da046ed5ca7b8f6b58f52c4d78ae7837671ddfa917a986110c17c50dd7cd501caf1f8ccc8952836831e9e16822190d84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32838a09b6b5d00ca763408478503cd1 |
| SHA1 | c43a4a9d95df0a475c696aad6100c51144540229 |
| SHA256 | d2d0f45a0900da968a827c061134f10df0bb034aa4877fe488f2235b285e085f |
| SHA512 | ed55d69a373e1255720b2ff81ea700353340eb0e925fd9d6a8dbce7847776768c82533d16d867f3c840edfcbc36d31fff18b948e9ebe1ef6632aae038101cc44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1fef3f6921187a7e2fb33ac39ffd530 |
| SHA1 | a554d91bceee8de0f80fd316c77c298d0b69862d |
| SHA256 | 1cd7d95fbc1a56ec21441087f47102729d88ec415a6a5b06bb3432f8e004a2fd |
| SHA512 | 1d7ab9f3a44844b26b1ce49648143067278674355f9f4c43b80888b50efb6076f603eddc1ba6ef5574be90a27e81c0f1d9b5ef5ac4d655e6254c7c14a393c6e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 225d7e8d92cb6650b70cce396046f8aa |
| SHA1 | 1741508e4d8d5c93cf1890aee80555b86c24ee12 |
| SHA256 | 6ccc50d595787717155829d60fa4b1dec4e7d14a0640f983278328c9379fd454 |
| SHA512 | 9a3ee6696d88c6db167f461dd761e06f9c166e760e7250e76dd3859abe422ae7ceaed99dfe1c5d0b9e061da79aa9df4634df1b50090a064218ca17602efbe972 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5637d532f3f39c87aa962f323f6a79a4 |
| SHA1 | 1011d8218a7354b2dc9ea60948bc2bf63783a37a |
| SHA256 | 4aad5fc8697ed987deaecc9ff23325a483e9c4fa0c163f8c1d1b005cb1461af4 |
| SHA512 | 303d0b6758364b732a9280b892273d5fb59e8b9ab5e00d87de986d2c6799c16023c9e1abb3fdfa6bcd5c59213add7929c49ec332a1710aeed29e2a6e9371a88d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 13:37
Reported
2024-06-03 13:40
Platform
win10v2004-20240508-en
Max time kernel
144s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91fa84e8cbcfb5a76fdec8c912d20437_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4076,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4228,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5884,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5988,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=760,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5100,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5812,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3996,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.foropoemas.es | udp |
| US | 8.8.8.8:53 | www.foropoemas.es | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.40.91.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| GB | 216.58.204.66:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| FR | 51.91.40.31:80 | www.foropoemas.es | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | tcp |
| GB | 172.217.16.225:443 | tpc.googlesyndication.com | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
| US | 13.107.21.200:443 | tse1.mm.bing.net | tcp |
| US | 13.107.21.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 13.107.21.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |