Analysis Overview
SHA256
0d445c2c93601ec1a6ad23104cd05907f06d318823a8159a54ddff58ab24f0fe
Threat Level: no (potentially) malicious behavior was detected
The file 91fdb4ce9fe241a1e9be8ac8bddc700c_JaffaCakes118 was detonated twice (Windows 7 with Internet Explorer, Windows 10 with Edge); in neither run was (potentially) malicious behavior detected.
Malicious Activity Summary
The four signatures below are the only ones triggered, all of them in the Internet Explorer run; none of them changed the verdict.
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK (Enterprise Matrix V15): no techniques listed
Analysis: static1
Detonation Overview
Reported: 2024-06-03 13:41
Signatures: none listed
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-03 13:41
Reported: 2024-06-03 13:44
Platform: win7-20231129-en
Max time kernel: 141s
Max time network: 133s
Command Line: none recorded
Signatures
Modifies Internet Explorer settings
Note: every key and value below sits under HKCU\Software\Microsoft\Internet Explorer and belongs to IE's own first-run and session housekeeping (Recovery, TabbedBrowsing\NewTabPage, DomainSuggestion, SearchScopes favicon, International\CpMRU, WindowsSearch, Window_Placement). None of the keys an attacker would change to redirect or weaken the browser (Main\Start Page, Main\Search Page, Internet Settings\ProxyServer or ProxyEnable, Internet Settings\Zones) appears in this table.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0DA4D391-21AF-11EF-BEA9-FE29290FA5F9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f3e6bb1146e9f549be397fbb3381171a000000000200000000001066000000010000200000007e4ad8d253525b45331483af253b71fcceff299e839e265fef75b5449e9ceb75000000000e8000000002000020000000c7917610c62782be367c8da0a1585086643c7a2c3e64b48e7632fe01909bab4a2000000097b50b977b7c2c26d22a7c33294f1da1f94f7f454e15613258be669e0be2eb4c40000000fafc23a54dfc9cf59430047315efd02f8d2169fa51b307f5e49c18bde0452e04ee4effbd4ac2823c54431d22aa85f07dac1ed9dc4e7df06a32f5db4aef71953c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value, elided in this report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0204e24bcb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583989" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1540 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1540 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1540 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1540 wrote to memory of 1944 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Note: PID 1540 is the 64-bit iexplore.exe frame process, and the 32-bit IEXPLORE.EXE tab process it writes into was launched with SCODEF:1540 on its command line (see Processes below), i.e. the tab names 1540 as its frame. A frame process writing into a tab process it has just spawned is Internet Explorer's normal multi-process (LCIE) behaviour, not injection into an unrelated process, which is why this signature does not change the verdict. The check a practitioner wants here is that the writer PID matches the target's SCODEF value and that both images are iexplore.exe; a write into any other process would deserve a closer look.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fdb4ce9fe241a1e9be8ac8bddc700c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2
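As an added example (not part of the sandbox report), the following Python script turns the WriteProcessMemory rows and the command lines above into that verdict automatically: a write is accepted as the IE frame-to-tab relationship only when the source PID equals the target's SCODEF value and both images are iexplore.exe. The PID-to-command-line mapping (1540 is the frame, 1944 the tab) is inferred from the Process/Target columns, since the report does not print PIDs beside its process list; the notepad.exe process and the fifth row are constructed to show the negative case.

```python
"""Classify sandbox 'PID A wrote to memory of PID B' rows.

Loosely-Coupled IE runs one frame process (iexplore.exe) that launches tab
processes with 'SCODEF:<frame pid>' on their command line. The frame writing
into a tab it has just spawned is expected; anything else is a genuinely
cross-process write and should be reviewed.
"""
import re
from collections import Counter

# Constructed from the report. PIDs 1540/1944 are inferred from the signature
# table's Process/Target columns; PID 2000 is a made-up process for the
# negative case and does not appear in the report.
PROCESSES = {
    1540: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91fdb4ce9fe241a1e9be8ac8bddc700c_JaffaCakes118.html',
    1944: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2',
    2000: r'"C:\Windows\System32\notepad.exe"',
}

# The four rows from the report, plus one constructed row targeting PID 2000.
WPM_ROWS = ["PID 1540 wrote to memory of 1944"] * 4 + ["PID 1540 wrote to memory of 2000"]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_name(cmdline):
    """Lower-cased executable file name from a Windows command line."""
    if cmdline.startswith('"'):
        path = cmdline[1:cmdline.index('"', 1)]
    else:
        path = cmdline.split(" ", 1)[0]
    return path.rsplit("\\", 1)[-1].lower()


def classify_write(row, processes):
    """Return 'ie-frame-to-tab', 'cross-process' or 'unknown-process'."""
    m = WPM_RE.fullmatch(row.strip())
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    src, dst = int(m.group(1)), int(m.group(2))
    src_cmd, dst_cmd = processes.get(src), processes.get(dst)
    if src_cmd is None or dst_cmd is None:
        return "unknown-process"
    if image_name(src_cmd) == "iexplore.exe" and image_name(dst_cmd) == "iexplore.exe":
        sc = SCODEF_RE.search(dst_cmd)
        # The tab must name the writer as its frame; otherwise treat it as foreign.
        if sc and int(sc.group(1)) == src:
            return "ie-frame-to-tab"
    return "cross-process"


def triage(rows, processes):
    """Count each classification across all signature rows."""
    return Counter(classify_write(r, processes) for r in rows)


if __name__ == "__main__":
    for row in WPM_ROWS:
        print(f"{row:40} -> {classify_write(row, PROCESSES)}")
    print(dict(triage(WPM_ROWS, PROCESSES)))
```

The report's four rows all classify as ie-frame-to-tab; only the constructed fifth row comes out as cross-process. The same cross-check should be applied before dismissing WriteProcessMemory on any browser, since Edge and Chromium also spawn their child processes from a single browser process, but with different command-line markers.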
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0011s.replya.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e20abdc7b007a6c97583e4e150770c3 |
| SHA1 | 7fa9569b9ae56152576e8af5527c031b6d000206 |
| SHA256 | ec0b3eecae6ad4710d1586f1412f349bc9b3225d88d572a169c9497bd5f30b97 |
| SHA512 | 01dc621b7a1948062710c5c714366657f91f4acdbabac9db2de971450ccae2726464e21495ef012d219ede6cab6c5a89d525d24b6a51a65174c0bc099e751ad0 |
C:\Users\Admin\AppData\Local\Temp\TarAA0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6de61b81da748722e84360529bad2b50 |
| SHA1 | 7dd1a121640e7dfb174c79393fec049cbe8c7f3e |
| SHA256 | 1a37aa3bd82c5d2f3b933c7ebccfa071d02acb91d24664e1904a5c9ca5851f67 |
| SHA512 | 5c4807f617dd3a95b3367bfcff280d90fbf6293acc8e36728000dd88bca57f59a56afe149ae42934e1e38f7c7c724e5834846c88387052f890ad194d23b1f57d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 0d7b55e1c996442219732e4b8a947665 |
| SHA1 | bc1b1dd91200ba540e28e1885ff98b6fbe938053 |
| SHA256 | ff1d9eff25e4ee2a2804ef0c2768d2eddf9f43542cc280c809700f22fc997ade |
| SHA512 | 5b2b536c45959a96ce998da7ea7cbd3a6438fa3d9389c2b5d9acc61947a4a0493a52d1cc8759312123ce93489a3682c42542ca557ff3102db72694a56829d1c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 66a246ebac5af9b6405b4a0685326f34 |
| SHA1 | 1b72dff9c6e93e2090c3b82ecbd55de1badd52ff |
| SHA256 | 77ba410689aeda61159c85f9ecd56a6314dc34cc47f55740849eedba10c868ea |
| SHA512 | df7b7e92f12480a70abe583d00b27e83c3800d31cd6a234e6c3bc926f88e4b798e0f43859498f3bc543433294a6e9c18a17dd49116c740c859526321c1571373 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87f9018b02e9897f070edf0bafc76f23 |
| SHA1 | 22ce35dc4a607f6853dd58b616df8dd6ddb5be76 |
| SHA256 | 5049711079eb6a6dfc7ff5a7cd988e48dbf5e2eaf9a2ad83a33febe9021c77fa |
| SHA512 | 38b7da85c9aadea4371d290bff66f2689c79d704b7d0bf13192b10c768d6a286e2795b76883c8495fe3e365c98abb828d882c66b8359860760fe556df61bca60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f69fd37da44c64b5b1a379e36e4902d |
| SHA1 | 5e04d210ac0c7ae7d6f119def57b778bbc119813 |
| SHA256 | 1707d17606d0eb60d81b68c5673ef16dc7ba03b141b1edfc37c3ea65ad69727b |
| SHA512 | 1cb4d8d007ff3385efabaa6cfb3276d46c5e5131b3649837809c724febb0d5157f7e92b6ed166daf1dd50124c79c950adc2be19a97fbb27e9fa8e6617cc27c65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbbb7a6961b9c96e2b073332c4ccc070 |
| SHA1 | fa27b7bf1157574aaab2ebcaafe8f1a501446b30 |
| SHA256 | 0b90c6bf6582750b96c51f172d3703507fdcb5430ced4b0da62e4237bdab0ac5 |
| SHA512 | 7db3a0d4d8500d4fe47617d1394d502afb84b17adf7207d8cb455b89d62fb99564686b6807cf0481e8526755d8ebe67864bd74760940f117b040b3c806c444cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | fa7aa49946c1888a75280f268e826449 |
| SHA1 | a77d720ac5157dcff5679f62a6aff99a4a525d3a |
| SHA256 | 43a79c176fb0904212d32493fa3bf6b1a6283550f7838771e8dc6a5cef6cd181 |
| SHA512 | 1fe344c1ce0e3252100278d30c1a9541c0ca39151db7605f0880021c8cf40d4d2afc2b231da3c079f1d96c1bfe9f5153705958a0a808b33676e58e20bd729195 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1986b7ce3353a84dd2dacc691955b639 |
| SHA1 | d4fd3305e6b4b4f0cbf33b39f8d2ac03cb98fe11 |
| SHA256 | bf09d995b589dac3f72b56371cac0c3bdb84cf62d2e967ba42592c0eb8ae23e7 |
| SHA512 | d03d667a55db9c68d80e68aa690a5ed1eea79d0978174db049f19856f8c940569bd9be05dad5261b8b3806e125b4ab4bddef6db9c3013d78000e02d9cc6d602b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a0a5cabb51e026c18056dbb9f4f3bd8 |
| SHA1 | 0c6ffec2bafe6fd35623d4e2264fb6764fe7b79b |
| SHA256 | e77891c069170383be7dc02fb193d5bbaab4cf0c9f19bbabbc2a67f5c2dfad4c |
| SHA512 | b05292a3cf62cf7b2d6ef5b37cece80d2fd35e34a981a952e3fa2417e5e3bf13b33962e606838e9ad46d7bdbc6d3a8baddbf8550b639a87591ba8bab13b97194 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d2fdeeef716936078e9a84668b32350 |
| SHA1 | 6bfc521a01d919b409167720d5ddde5dc423d54b |
| SHA256 | 7e5dfa73554ee80d7b52b329d52f3773acacb2ec19dc7f58a0378f954740e844 |
| SHA512 | 1b46a92254dd205793a0c10fe02858f05c22bfcb99765f9c9e4a1c97a35395188922a0b449733d8638ac864ec1b6659978955c2d855139633766e35e897e2272 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 399407670c5fb38f833e78956d90777a |
| SHA1 | f011892c66dd2d8b23e4a8481363962dc6016a21 |
| SHA256 | f29603dbe85f66b9dad2fd1676284e940b2e8b0e3dcf1a8fce45f12f6e7eaa86 |
| SHA512 | 778470fb69a83527041a245185b9fd456c20fc1e41af971e717d99798714ccf4b5f629b1e2dee92aa4c0cddfc5da26f19c847afa73fd9460a51337f1f9847a83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d43f4c7b0219605f7561d9770c78689d |
| SHA1 | f16ca84184249f6a1a548a44f005bde7a5f7b7c5 |
| SHA256 | c8ceea93c15a2398522dcdf9b5ab42e501e750a94fe1f1ed5d2a766ced3ef882 |
| SHA512 | 1177957f1fba627402eb41b4c89843dbb1d7bd09baef6eba13c2e09dd25b2a852e805fac4fcc84f989e121ebc256d169752e9d6ddb0ba430746541466d315914 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f45dcb58fe4a7639c50a91d3d8cff1d |
| SHA1 | 535d64cb1f45d7f2e6e178ece7d6e5991c6f000a |
| SHA256 | 57ae167d8854a80ad9b1ba8905b5616a3f2886be760156bbbc6a6046ac9eedc4 |
| SHA512 | 4119d1a57a0dc8526d88aec21c0fb78c41fec2085ae50788a45e0633b0f3732ae83adc5fecfbb53d3a558e99d82609042fe61594d7cf8eb9465e8fce5a3f92df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 605261622105375342eca8a657cc1dda |
| SHA1 | 4d7f184ef72a37b07f0213db30244827dd0cf3e4 |
| SHA256 | 3c68e28002c39751d5355e4bcf0db666423b080f0003346cdd2bad2182e2a920 |
| SHA512 | 037ece7b9476a76bd4e5be1d6ceeaa06491659eb8891bd9797e86128c0976a7f3ef385210d48d2cfd2f786a3d6208e6f71e6c63e2e39d3a05751d7bdcb8d8758 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df39db1b5aeef96151d585d9fd9cca0e |
| SHA1 | 124dd79bb3807542cd11d36f1b0dcc1897481c85 |
| SHA256 | a4eb806a282f4ed1c549aed6b58c327d5df07c7da6ddc44b4e1f32ad0fcd1ac2 |
| SHA512 | 384d9e4c54b9f073b5356278a578e6df6831f535ffd530e0f177fb0d57cc1bbfacf3db9adf8d60e7cdef9f9c84e8daec5b6c92693eeb10a431e82e90769b95f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2aa72dc852d32c03c793885b3cc07570 |
| SHA1 | 9210b550ba967b6fa9b27ac5921f19423c06f82d |
| SHA256 | b7ba499ba07df1002b545977be072c5e325b2a241a7070a0dc80f4ddc9a58f78 |
| SHA512 | 61eb48c2118fe9ba268c5916cfc58fe93df12fe0909f6df12c0eeb2d564f6d100c7c3e4b4ed1440b7819651d71c677ba8e8ee6fff98ace7c8842395a9295bdac |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70c2cd2ca57f096af13b024a0dc8137c |
| SHA1 | 895a8d58784c8995f723be79b1a3f57eecc6c73e |
| SHA256 | 39bb7a62e120c9135b4329a7a0d337ab342699136d413c736b3986ec3a7d6d17 |
| SHA512 | 7492752da11a4eaee842160089dc4edbedf742bdc7e74c19a09d9d45fdb27b765762ebf38d2a6abc90421f7139f2a9eca0cb196f2d97bd1676c184049f7a4d75 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c414e9477b6fe1f5856d85a3f669ad9a |
| SHA1 | 9e95a10b0871406337c246476a278725a3231536 |
| SHA256 | a81ba4a64336c29d9725ae4b6f9273007aea2e9cc70f0eacf74bcc71052a9e99 |
| SHA512 | 0573773fc3683b89e2f89dff372b12dd38d7fd56fb07f81b32e06d668e33d8076622fa1024260abf797a5d58f90558c15ef94bfdd8fe8ab579e6ed453c508217 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c78da75dd50a7723e5697f93bb6cf61a |
| SHA1 | 99fdcea2a25f6c36fa2ef957dfeb96fcb1befae2 |
| SHA256 | e7f57e6009f91a211cdc3c4a60f6ac7b96d3ce6c0bc2d8f5f8a4d066a6b5f3f3 |
| SHA512 | 5361c0440728ef7fc7fef5c046398224e08a552e471f43c9fc6da4acbc0c77cb109e005206b9de15bbafa16017b702ea764e8a6e97ab2448e9f7fa7354b85ce0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30b30bfeabd83d8fa22b74caec013805 |
| SHA1 | 79c1cd597be563e6b4a46749cc5d1e1688dd026b |
| SHA256 | 26a3a17a0da6affdb0b794ddb0f0e2c1f0bf56c8544fce7c6cb520b581edadf1 |
| SHA512 | b60f8c30e2b31967d663219eee1357abc68ebedc9fa4153156b6165ed2efa07a4c6eb6bcc84825cee2a7f3a4bbdf9cf172b1bac5581281c01c52c2c12ddfc7bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-03 13:41
Reported: 2024-06-03 13:44
Platform: win10v2004-20240508-en
Max time kernel: 150s
Max time network: 150s
Command Line: none recorded
Signatures: none triggered
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91fdb4ce9fe241a1e9be8ac8bddc700c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3780,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4128,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5248,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5044,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5416,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5932,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5684,i,5711962389779687290,1245653010537220991,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 0011s.replya.cn | udp |
| US | 8.8.8.8:53 | 0011s.replya.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0011s.replya.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| N/A | 163.177.17.97:80 | | tcp |
| N/A | 163.177.17.97:80 | | tcp |
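Both Network tables above (behavioral1 and behavioral2) mix the browser's own telemetry with the hosts the HTML file itself reaches for. As an added example, not part of the sandbox report, the Python script below parses the report's pipe-table layout and separates the two: names that were only ever resolved (0011s.replya.cn is queried in both runs but never connected to), hosts fetched over plaintext HTTP, and TCP destinations with no domain attribution. The sample rows are a constructed subset copied from the two tables, written with the corrected column order; the list of browser-telemetry suffixes is an assumption to tune for your own environment.

```python
"""Summarise a sandbox 'Network' table in the report's own
'| Country | Destination | Domain | Proto |' layout."""

# Constructed subset of rows from both detonations in this report.
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 0011s.replya.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| NL | 23.62.61.194:80 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| NL | 52.142.223.178:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 163.177.17.97:80 | | tcp |
"""

# Assumption: traffic to these suffixes is the browser's own telemetry/CDN
# activity rather than content requested by the analysed page.
BROWSER_NOISE_SUFFIXES = (
    "microsoft.com", "bing.com", "bing.net", "nelreports.net",
    "azureedge.net", "s-microsoft.com",
)


def is_browser_noise(domain):
    """Exact or subdomain match against the telemetry suffix list."""
    return any(domain == s or domain.endswith("." + s) for s in BROWSER_NOISE_SUFFIXES)


def parse_rows(text):
    """Turn pipe-table lines into dicts; skips the header and malformed lines."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarise(rows):
    """Split resolved-only names, plaintext fetches and unattributed TCP."""
    dns_queried, connected, plaintext, unattributed = set(), set(), set(), set()
    for r in rows:
        d = r["domain"]
        if d.endswith(".in-addr.arpa"):
            continue  # reverse lookups of addresses already seen; no new intent
        if r["proto"] == "udp" and r["port"] == 53 and d:
            dns_queried.add(d)
        elif r["proto"] == "tcp":
            if d:
                connected.add(d)
                if r["port"] == 80:
                    plaintext.add(d)
            else:
                unattributed.add(f'{r["host"]}:{r["port"]}')
    third_party = {d for d in dns_queried | connected if not is_browser_noise(d)}
    return {
        "dns_only": sorted(dns_queried - connected),
        "plaintext_http": sorted(plaintext),
        "unattributed_tcp": sorted(unattributed),
        "third_party": sorted(third_party),
    }


if __name__ == "__main__":
    for key, value in summarise(parse_rows(NETWORK_ROWS)).items():
        print(f"{key:17} {value}")
```

On these rows the only third-party names are bdimg.share.baidu.com (the Baidu share widget, fetched over port 80) and 0011s.replya.cn, which is resolved but never connected to in either run; the two unattributed port-80 connections are the ones worth pairing with a packet capture, since the report gives no domain for them.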