Analysis Overview
SHA256
55778738af1d0eef7fbf4c9342d410c0c0d4251e99e9fe7758f996e8a36f3ce6
Threat Level: No (potentially) malicious behavior was detected
The file 9245e58f9bda149748bc5f949300344e_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Context for the verdict: the sample is an .html document (see the command lines under Processes) and was rendered in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2). Every signature listed below was raised by the host browser's own processes (iexplore.exe and its IEXPLORE.EXE tab process), not by a separately dropped executable. The only non-Microsoft network indicator in either run is a DNS query for ag8aq.cn; no follow-on TCP connection to that domain appears in either Network table.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win7-20240220-en
Max time kernel
121s
Max time network
131s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590515" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 403d8f18cbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045041e866bfae14d8b02d0266f1be3e500000000020000000000106600000001000020000000cb2c66218ca4fabc4dc005d7962be4e549b51ab2c3bf10bb5ba6d0e8345ae15b000000000e8000000002000020000000dd5657138d39e9149d4d9b652e5a469f84cd68b0befb68102c7860135a4b825420000000f5076660e6248852d1f0ed20ebfd200981a1342fb113c49402a2d5e8f96e14804000000076af1fa0766e5dc7551842b07c6cd7dc36dd50fc37f0a61ef5de044de3377a98a1b42dc6d7213791b9b2a53e9a435780c08255c23c123e9b5044e2b377d3c7d9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045041e866bfae14d8b02d0266f1be3e50000000002000000000010660000000100002000000070ab93cee0dfb02b303a5c775fa8b24aea2fc72a460c7b448efd694c1d1758cf000000000e80000000020000200000008baf9f1b122e05deff58c295f5ae587bc91503a5b851c8dbc1a4c6c86f0d0c569000000019e1ba70210974b3ede84e46bfb54dfcf156787577babbc80ce15449fbcfefd5591d3d8bdc7874afc5df787a2d151ee56c8348346cedc9c961da6f09684a847f1e78485ff7e5cb9cf98f2856deb8791ad3adce3368057f3887e0ff1625fa6ddfe929129a9745a7d66ab8b4808b13c6899b82232cc5220108a8f30071a249d852e5ca8383fb77c20e92fd29b7ad7fadfa40000000da0f59ccf808344a98b15b2e9c63f4293350b06bc2e65a451e4a25b659bc3358b5f5a190a6cdb62b1e0717c436be667bce83e06089480343dde87f4982e37e79 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40006FC1-21BE-11EF-9ED8-52FE85537310} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1720 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1720 wrote to memory of 2508 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
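Added triage example, not part of the sandbox report: it classifies the WriteProcessMemory events above by checking whether they match Internet Explorer's own frame-to-tab launch pattern, in which the frame process (PID 1720 here) writes into the tab process it just spawned with `SCODEF:<frame PID>` on its command line. The report names the target image but not its PID, so the example assumes PID 2508 is the IEXPLORE.EXE child listed under Processes; the `dropper.exe` counterexample is hypothetical and constructed to show what an escalation-worthy event looks like.

```python
"""Classify sandbox WriteProcessMemory events: IE frame-to-tab launch vs. anything else."""
import re

WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")

# Both IE images that appear in the report (compared case-insensitively).
IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Constructed from the page. Assumption: PID 2508, the write target, is the
# IEXPLORE.EXE child whose command line is listed under Processes.
CMDLINES = {
    1720: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html',
    2508: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2',
}

# The event recorded four times in the signature table above.
PAGE_EVENT = {
    "desc": "PID 1720 wrote to memory of 2508",
    "process": r"C:\Program Files\Internet Explorer\iexplore.exe",
    "target": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
}

# Hypothetical counterexample, not on the page: a dropped executable writing
# into an IE tab process is the shape of event worth escalating.
HYPOTHETICAL_EVENT = {
    "desc": "PID 3100 wrote to memory of 2508",
    "process": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
    "target": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
}


def classify_wpm(event, cmdlines):
    """Return 'ie-frame-to-tab', 'ie-to-ie-no-scodef' or 'cross-process-write'."""
    m = WPM.search(event["desc"])
    if not m:
        raise ValueError("unrecognised description: %r" % event["desc"])
    src, dst = int(m.group(1)), int(m.group(2))
    ie_pair = (event["process"].lower() in IE_IMAGES and
               event["target"].lower() in IE_IMAGES)
    if not ie_pair:
        # Anything that is not browser-to-browser needs a human look.
        return "cross-process-write"
    # IE's frame process hands the tab its own PID via SCODEF; the write
    # source must equal that value for the event to be the launch handshake.
    sc = SCODEF.search(cmdlines.get(dst, ""))
    if sc and int(sc.group(1)) == src:
        return "ie-frame-to-tab"
    return "ie-to-ie-no-scodef"


def summarise(events, cmdlines):
    """Count verdicts; any key other than 'ie-frame-to-tab' deserves attention."""
    counts = {}
    for ev in events:
        verdict = classify_wpm(ev, cmdlines)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarise([PAGE_EVENT] * 4, CMDLINES))          # the page's four rows
    print(classify_wpm(HYPOTHETICAL_EVENT, CMDLINES))     # constructed escalation case
```

The four identical rows in the report are the same handshake logged once per call, so the summary for the page collapses to a single `ie-frame-to-tab` bucket; a source outside the IE images, or an IE target whose command line carries no matching `SCODEF`, is what would move this signature from noise to a lead.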
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5D5F.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5E50.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05b2f44c5a4fa1dfbb9d5d7f82036dcf |
| SHA1 | 467e1b138f4634051019ee8e00aec641b2756528 |
| SHA256 | 2a2e679fb1495004d0b44571d3cdd5c1b1f6ee31d82ae32371367a84137c7aeb |
| SHA512 | 388e4b2d409f14bfc2360745c937eef49678721a6db8aa6abe130288235768821af25b7d4ed01db5e275ab40dbb9a41afb0e807013a7c60fb8ca6d01ebcff678 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f60e36d25a48cf6ed7379317c16d81e1 |
| SHA1 | c72ee13bb3b23903cd692f4582eebbd046a7c8ba |
| SHA256 | be8e96254a266dfb8a06411abba66327e78aa84cdecd40aedb7fc8af133253a1 |
| SHA512 | 5ab27a3b4f39d8548e0cf10e30dd92599189d334b4094bc470a49cde16065077b6b115b9f3532dab08c344660914c79d703b51023f3e52bae503a2af431c4f76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6c0d437a20a2f5dff99dc0f5137a6a6 |
| SHA1 | 2e4a316f0921d9c33868ad0cce4c1ba84eb42ff0 |
| SHA256 | 79a1fbf92507fc2348c39587d1ba7a86e121aa4705a8947fcc11caafc2cd5b3c |
| SHA512 | c3626d4d51920f857d061c880eee27025ee5110a9978f6f327504d7c14dd5acd644a3fda247444acfa2070bdb17c54b58da29ea2bfa602bf5af78b936c7c45f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c829d117a788ff8877f6229fd8abe7ca |
| SHA1 | e0cd68d284cda94dde80be84ad7ea6e411dce55a |
| SHA256 | bc2d82d898415cd82fbaf7f51940b68b2b865a7c07e4a71d58b4f863c255d9fa |
| SHA512 | 9b17194b9172773db7b26c02b31ce28bc7636c23e6bd1f1f80648c4de6b28ec80c127e75c40aa8e76cffb59716634942d8b45f18e0d74a122630348ad4a9f190 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad48ad15c6b72a7b50567aa4f592b7a9 |
| SHA1 | 84411bcee6d266ec486c3f58d97fe131c8e76f25 |
| SHA256 | c63191b321c080aeffd71d0d08482dc632c765c5151afcbd9f4817825f2283f7 |
| SHA512 | 9a9bdebf9562dc73c97e975dca1969115d83214827fd4a3a9bddde2dcb85c45ef01fd4691ef13366d46d92a0e8353b55686df1c7f93354e14d2f246f7fc36c9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebf8cdc76228e26a64555794da949a1b |
| SHA1 | 3463a6480605bc4f33d161b0eca92f35d53409ff |
| SHA256 | 9588cc8fa9b60f3c06f25728bd7c2c42f1ae3b57e3b73d44912bd743b17e268f |
| SHA512 | 4a5fd3a809bf458a0578ce36ae2e7e7b0f215006d9e3215ce4169101b19c4f2fcf662d6d9c9209731ff1f4be972b46cea63e0157cad9628a6f6d7c268dacf9fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9da21951d0698a8d9d3cbfb9ced6fecd |
| SHA1 | 00233e82906ab28e473d52cf7f1b588ce620244c |
| SHA256 | 0f57820fcce673cdd1aa6f579146f48380392f1c4f613c4082a4c9a3e2b660e2 |
| SHA512 | 817f00773406d59c2516e93c98fd4949df9c7e366ad7932c119df6ed3f246c4c39cfdb83d3c33ce027b46606ea128051876144585cee6845d6fa45c15277e401 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69ee64396c352d8799f114553307b26b |
| SHA1 | 387a7eb1e8524661540194c1d979dce746d14d9f |
| SHA256 | d0eceaaa9d4c91b7e66fa646556508f408e1ed573505ea335a6de5b9f32a3665 |
| SHA512 | 7680bc893d0fd2fd20cc57af237c5f9e95d27b7918d3025aa5c040e54a0a5572b740e6ed5980d8f138a278ef371dd1dd1b242ee9b650c0143c88d949e9fe65b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3db93db50e86c419dfadbc0e2f437b03 |
| SHA1 | e32534c82e743718cf5f7a4e3b151b359c96c2ef |
| SHA256 | 8eeede0d09eeec78688c795d12683ad907381ec8e214c390468794101df3c25f |
| SHA512 | 20e32b3ba0a225ff52c76765b5a22da87706902477a0762c8b985c3498bd188b0f1fe6a2f5fb162ef04dfd9bcb8e5489b177106b9c12b6784202a46315e24492 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fb4dad332137e6443516ffc1ff5abd9 |
| SHA1 | 9396962627260343eed38dcab8fac67e8f0f2947 |
| SHA256 | 9dccf7b65435562066d961c043624677c3a42a56701f97a3920359c017f41c37 |
| SHA512 | 065071e5a02484d2bd7dd4f874cd6ece5ff18327001c4039dff6d0c49f16403140adae46b7574565e81af392eb8302d0e78cebfe0b98e26ce230d8fdbdb8f6bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bdb09e2ea5cc576053fd7fcaf1a49a3 |
| SHA1 | d9ce903ee657c2c414cee3f0c53e3397d17f36ed |
| SHA256 | f93e1cf1d34cf6f4b79b4f7d7b7234993eb876b2cd5fc511a373ce32d3fc224a |
| SHA512 | b6b2ddd586d10bb1f6b693a727a82ececc57ffe3a1374088193868a25a11b5209501ad056833761e20161e31997c93877f63cf3d1963550296ba75c41617d84c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2217a3054eccf8b81929f7e59d48e47b |
| SHA1 | b5e9dd2da13eefeff6fcb1550726d8ef6c3f1dae |
| SHA256 | 38eedba16fcdfb3f3055ba8bb3c9186a8654dbd594a6ac56e2befa239ef3baa7 |
| SHA512 | d90aa8116c1c51288e95a040a9a9495cac58540d2f7b1f5fceda4888aafd34843f47c4307f69e1d1b66305d1121d6d635aafe4090352fe7ed0a74e72a1ba4f72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 116475a1aa6db60109bad290806672eb |
| SHA1 | f1ae1a64361021055a5f429bf4c3772a29315247 |
| SHA256 | ede2b03ce122af91ed572e6d21c19d785f99e918dc0ba6a6d960d12aab084860 |
| SHA512 | f969e097fb91c298d5bcbe6d8b3aba6e23d4ee1ea46166c92e22e7b0c7def0091cdd781729209fddc36ae2f82e2179d924d46db88db0356f563d84ff2d03b5bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f30aaff1529a406acb9769aa969b4cbb |
| SHA1 | 9fa301bd7bb9cc8b30409cdbcd5cf27b43e1171e |
| SHA256 | a60e14554026104ef9b722865901bc8b67d98c97aebe5f23e1a0f321241e4746 |
| SHA512 | d96bc06ae0c1b7b8a6fc50a3811336eaf5b8bc8c8a3c1f0b725076760031eab9257920a367492da3f86b9b80c946c9a6cd983f3d10bf2462b53778f52751b660 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d46480e00239aef1f1bdd5feaa7b0042 |
| SHA1 | 5f7481ccb2d009d6fd0c886ce28471b56f126cbb |
| SHA256 | 65839012108101fbe6192eea51291ad1457189103506d3b99491e9a6680c6125 |
| SHA512 | 3e62a06678bdadf59009cd7968c9ab4ff0a2413fb2ec24d9635ace32ceebffd14e132a9d515452b44401ddaaad422c70c9558865073a5a45d5452c0102f66b05 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 27ac4579b725d82dce4d54a4a29b49b2 |
| SHA1 | 90d2de644e483a5c0553b27aedda454c1e9e74ed |
| SHA256 | 88995f289ad336ac1cf2e8630a3975bc581d4b87369bc787e21b14c08e40cda8 |
| SHA512 | cb16bbbba1a7353504d5fdea09e0064ef2f0110198410b26f9760447a2045c57f8680538096b8177cec26dc3454fe6dfcaa10fab2bf826ac3748ce5b56ff6c81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bab0b18323fe5be06abf2ee681cf689d |
| SHA1 | 86f6dcf3966ac0e35115c0f741ba2ac9938afb04 |
| SHA256 | 608deaee600dc4ae21f539870ed5d5dad20ef7defd7bee052eceb2d241b2eecb |
| SHA512 | d72d0af0319e96817841d80a8f44dfc2b8dd4f29e4d34955e3efc6fa515196d4868e16038535332eb89706061f2f01537918c021087a60cc5291c7486bd7fe13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1724c8c4eff765e68c06d1ab9baaf052 |
| SHA1 | a5e4f2dccca443ca22494624df3d5c980277f0bc |
| SHA256 | bd4cddf4ffb3363d1f879738b59f4be887dc356112b99a66f8de51006639fa1d |
| SHA512 | c6928bc09059cd49c63b7027405111cbf5c441ce74e1c37aeb6025c7c4d575976c03f5c2d72c0bd4a4805c48378a4a45a5799760dc1b3c6c8a9493f38e5ccf18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee339f602216c28c036ab6567265703c |
| SHA1 | d672112c881116bad2c1fa1a9ebe23fcd7f65019 |
| SHA256 | 817f30b593d5d9bf8d4ff44c449df6f19d71280716b4b003289eb192fedf926c |
| SHA512 | 2bdd20431b1a832c0818fb1e2a6808a3b35c09eaee8ddea8c87e95b25e7db7d727d74f35ca6428cbd3732c5b9d436d564a315a5f47dfc28b342abbd61f3b8018 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:30
Reported
2024-06-03 15:33
Platform
win10v2004-20240508-en
Max time kernel
136s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3824,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5280,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5432,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6360,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5988,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4144,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
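Added triage example covering both Network tables on this page (behavioral1 and behavioral2); it is not part of the sandbox report. It parses rows in the tables' pipe format and lists domains that were only ever resolved over DNS and never connected to, then strips vendor background traffic. For both detonations the result is exactly `ag8aq.cn`. The sample rows are a subset copied from the page (constructed input; the full tables give the same answer), and the first-party suffix allowlist is an analyst assumption of the example, not something the report states.

```python
"""Find domains that a sandbox run resolved but never contacted."""
import re

# Constructed sample input: representative rows copied from the page's tables.
# The mDNS row carries no domain, so its Domain column is N/A.
NETWORK_BEHAVIORAL1 = """
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

NETWORK_BEHAVIORAL2 = """
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
"""

# Assumption of this example: suffixes an analyst treats as browser/vendor
# background traffic for an IE or Edge detonation.
FIRST_PARTY_SUFFIXES = (".microsoft.com", ".bing.com", ".bing.net",
                        ".azureedge.net", ".nelreports.net")

ROW = re.compile(r"^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$")


def parse_rows(table):
    """Turn '| Country | Destination | Domain | Proto |' lines into dicts."""
    rows = []
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header/separator or malformed line
        country, dest, domain, proto = m.groups()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def is_reverse_lookup(domain):
    """PTR queries are the browser's own sanity checks, not indicators."""
    return domain.endswith(".in-addr.arpa") or domain.endswith(".ip6.arpa")


def resolved_only(rows):
    """Domains seen in DNS (udp/53) rows but in no tcp row at all."""
    queried, connected = set(), set()
    for r in rows:
        dom = r["domain"]
        if dom in ("", "N/A") or is_reverse_lookup(dom):
            continue
        if r["proto"] == "udp" and r["port"] == 53:
            queried.add(dom)
        elif r["proto"] == "tcp":
            connected.add(dom)
    return sorted(queried - connected)


def third_party(domains):
    """Drop everything under the first-party suffix allowlist."""
    return [d for d in domains if not d.endswith(FIRST_PARTY_SUFFIXES)]


def triage(table):
    """Summarise one Network table: what was resolved-only, and what non-vendor hosts were contacted."""
    rows = parse_rows(table)
    contacted = sorted({r["domain"] for r in rows if r["proto"] == "tcp"})
    unresolved = resolved_only(rows)
    return {
        "resolved_only": unresolved,
        "third_party_resolved_only": third_party(unresolved),
        "third_party_contacted": third_party(contacted),
    }


if __name__ == "__main__":
    for name, table in (("behavioral1", NETWORK_BEHAVIORAL1),
                        ("behavioral2", NETWORK_BEHAVIORAL2)):
        print(name, triage(table))
```

A domain that is queried but never connected to can mean the lookup failed, that the page referenced it in a way the browser never fetched, or that the sandbox's network window closed first; the report alone cannot distinguish these, which is why the verdict above stays at "no malicious behavior detected" while ag8aq.cn is still the one indicator worth carrying into a lookup outside the sandbox.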