Analysis Overview
SHA256
a8371f8dc0e30279faab6870cceefaa565d327e45beaca4f5ac5d2f3c555817e
Threat Level: No (potentially) malicious behavior was detected
The file 924857449be68bca30e17f2fe0ba213a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:33
Reported
2024-06-03 15:36
Platform
win7-20240221-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000edd5b8125ae3dd46a04a3c578c9e14cb00000000020000000000106600000001000020000000af6760b9b16e619bd884326d2858eb957ab2d094d182a835b6c3509ed6585e30000000000e800000000200002000000032f5e9aa45bbd459275d7b1d5a671219d14c4af53536b0ceda07cbfddbf56c8990000000b6ed6a02b51787eec21e61d39e45dde5893577e247233f01d64598d60624d0e7dbd0057880c409b61dcebe8a3a45b558557af3f9bb67cf9ab1ec82654975ac22e7bc69410da4a55d75133a974279d21bf08420def722b8647217058bd6323c0566271712862092bf61e836d7283a8914f0c23ce6944e6f09fc994cc4c3357e20b766b1f298643dcd8b8d688c7734bc7c40000000624f8fabb1b48c913255a79ede2b01c59e39dfd6762dcbfaa29f0ba7f68750f782ef361372f78391e863a5655f794c9aafa9b365a251f6427f11eb7c5190e234 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000edd5b8125ae3dd46a04a3c578c9e14cb000000000200000000001066000000010000200000007c95b4235b77b7f5fe55570ffd0a10d8e8a2d39ca9a483992c50fde8f5d2780c000000000e80000000020000200000001b61c64cac0a408ed35e059289e9940e1b94fea1384798996ed9d61e6c44456e20000000ec47887cc3d83999f964320eb3acca4bc739896b3bb6ea26cd1fd5845d4593b740000000e1ee9f014f5debf2c2adf9a2805c14e4898c468079041c5ade83fc41660f1bc38fa688df2e19c88bb98880fb321c1e55d0bb6b5b44a0e2b4395baf75c282977c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A555B0B1-21BE-11EF-A293-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 209e827acbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590685" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 3008 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\924857449be68bca30e17f2fe0ba213a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | partner.googleadservices.com | udp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| GB | 142.250.178.2:443 | partner.googleadservices.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | f6fe7c5ba28f04f8e6e7b411dd5b0ecb |
| SHA1 | 0329da63c986c5020b1fe70099582bb8cbe0d607 |
| SHA256 | bd3c1f4278a7854aa7f60787d88301980d6829ac3a19019bf46b5d147caf94fc |
| SHA512 | b084f3049602e8ae129568ff2b74b86b21aa657dce8ae3b462f467d25b29381337ee311df5258257a05ec670b5b7f4d8f6224e9581612890076f2f1b29a114f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 13ed5e0369cedc64c8437eb9a493a981 |
| SHA1 | 880053c91809fef7b2a3d688143f554d5a05c0bd |
| SHA256 | 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454 |
| SHA512 | 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 0e3a8fb91807f52999cf062d301d6b4b |
| SHA1 | 67527c9a37b3604490d14b0427e1dd91ee070414 |
| SHA256 | ba32d290eab2e3ea32f166b66c53e3dd66f7bcf04b900bf46266fdf1462b3936 |
| SHA512 | cb2fc3f69acdf085a5deaa2b58fd13a93a61635c15842baa3aa3ed5d9a9915536fab479b70d9d84c1d5d20e79873392101e08ee8c78e233d12de9f06e5c68b69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Temp\Cab190E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar3094.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d117339fad99cce2f4d1c8ceb6e799f |
| SHA1 | c95a66783e5c337e040dd9e3e31c2b946938e07b |
| SHA256 | d951f01640cc2e064e885f3940f1bfb7310d9b1875dcaebe858b3ff14d741c3e |
| SHA512 | 08a9a4f25c79697f0a4def0c5d9db5290707a46ea4eb552eb9b384c2c541e18d5069fcad2357ecf9c4cce8b374c43f25815699e963ec548cf38fd3f6e58ed4f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 727eb3e3f02417e07f36e62f334b7ae1 |
| SHA1 | b59ed5dc011cfcf8e5e30cce871e4edbca70e4f3 |
| SHA256 | 30a35dc3558e4c54aeb7801047d78d1090b005d8c8438955a7a89fa00ddf2a00 |
| SHA512 | 893607146bf5493a625785b96d28f8665b6819e0a9920f39d3d231dae1bcb744b5e60c0f810485790a221b24e954f68aa273ce07220a31fe09b1fdac40979192 |
C:\Users\Admin\AppData\Local\Temp\Tar3196.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46b4369bdc7f304aad1e96fe7751e4da |
| SHA1 | 5673bca40c1262a287c5da9460013eda08450e11 |
| SHA256 | a0f912472c1d22278b3dddce4fbc483c7dff26b09a1f6c9c9c8ba4848a696512 |
| SHA512 | 2c98275fc559cb192b5629cf8f044c6c8390181ffa2d35c445b280b6cf08bdf546952812c29c3a13821d90456778c716977c24cc30838fc92b6020cb32fa9fc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 940b0240a1dca76ac6cf8d0a776c947a |
| SHA1 | 5eadd992fda1ca954dfcd22c0019f3a78bed47f1 |
| SHA256 | e40ab1bb8db879e1156aaf76e7d7e37b7e9838fc95ba15d02b4b6d7178f7e95e |
| SHA512 | a22d3492fde42d45f17874367fd74d6aa50ed566823fd41a7494cf69b4d80c9b2d5953d7ca37055858e71a96b735f742b95d6c680737101f20299efc8da85858 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33f61a475403872cd722a34a4a1b41b3 |
| SHA1 | bfa5a7829508f457c15d0162d9d6c9404c1d5aaa |
| SHA256 | 7a4cea697fc588af6d6944f5cc0e5819b215e0f306842b6c7eae71ce8e2bf126 |
| SHA512 | f1d9f80a8766b9aba0399c372f60f9ba2f2dfcba6b3acccde75e0b5270dd340baf53fb8d82f78884699cb5ab764fcfdb9e7b83b3591f108c1d65ed11225b4198 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d892f7a19be19d55356d2962c383d467 |
| SHA1 | 5d5abe37a19522431993d221de4d1f13092906e9 |
| SHA256 | 0150170d140270fbf6f97e54d14c341a8a57d66b1b8362cb25bbf3232c3734d6 |
| SHA512 | 1316f615d764b5c917fc085f88f332e62725e053f2d4b2b78f3ed3c632ca6a67248284b4c7ebcc85b940926e563578c06a3ae49b48a6b1c66276f7c59c2ce73d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb2fe2a1f10483b6ed918e2c78bd990c |
| SHA1 | 5956ba458b34b00f58f39e518e191ed175ada4bb |
| SHA256 | f68bfbc7a8e70a67fd81479ee4bb198891493908bac3ca09a44d074db305f52e |
| SHA512 | 8fd4eb02799dbde69b7ad3410d459b05a8ebe5b7a7e6cd848cb92c6e4daf55a89b029eb0ecd530c4142613f42fe411a526023ad35507a8989b53be218a81d11c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ee23a23d6e37dc720b69c3f16bb483b |
| SHA1 | ad54c5059278cdd94a78cd48f110e94384016c22 |
| SHA256 | 286c48be0dde54ea3ab783f9d3b4e6d7d0e4b54ba15cc474bb553aaa1fb70f85 |
| SHA512 | fdbb2dc355a89dd9839573bbc3dc4f6451b30bf87cdf69c0b9fdcf00ab6ee1f58e25a4bdb54d719b1f7895b8667f4b043d4991261131bad9df35b69b3f19c449 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4eadacffb6b7e2df8043336f073e25e2 |
| SHA1 | 19c2d66a30949648dcaf9102c61a676eb2bdd461 |
| SHA256 | fb5fb2917e6dd09a3bd9cd721ce98044a273a1e9f4e7bd4f7962854f64ae658b |
| SHA512 | 607a969c3d7c4fdaeae061d6516e5a9cbcf01215e168d8b9bc789233b901f9d84fe1da8ed43eb9a5a2a3ff293094c8267e0a627e3da9843652da1781194ae57c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0348da4315e45375f8bf8ad8c090517 |
| SHA1 | 788a84cec676c0f5ab9e7900e7a6d2e07c4384d8 |
| SHA256 | 62a85227c3312fd5a75c0d83ef6c6dadcff395392b41ec0b3e6f7cf41d89e7a1 |
| SHA512 | 56c488743ce56cd6f03dc0bdd425db9d3ede28662b58473f60962a784be88fcc67b6308ecea1627e4827762bd989344e66e19eacd3ed49fa9d1d9fca74dc6172 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b49c8f9966d7115b7ba9818f2241db2 |
| SHA1 | 42bdceec79236dd7de70b0923fe65874bfcf6378 |
| SHA256 | 470e583ebdf1c8b1a62bb6baba4d662b77e80c1e0b78a6a4feb05cfda842bc4c |
| SHA512 | 9cdda7020138baf37680fdd5ad3dfdefcf6e93bf14097a46db51d611f1ecadc1086df4696dfa74e6bc017aef09d04c500c3d4f36d9a31e696a52cca46ac72595 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53310e305c6bf700a5268b777a33d3a4 |
| SHA1 | dcecd0fac41505532dda9b4386b39f8069853118 |
| SHA256 | 24f9a935d68b5b9fbb237ad48098047d776f741baced70d6a5c64b15b833fa98 |
| SHA512 | 402a930409156a22911dc3997796df96e11d7ad180ce73fd9fb7aaef3a1ad439612031ac6c84997eb012798a44a573540de721f993bdddab1d8866a9cac137d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | d537f95a0c5b948c7445eea0afe9bc0a |
| SHA1 | 67f7b9de2e1cc1d212e6e323ef2317cd6a33b103 |
| SHA256 | cd09a31b4f11230045ab05af58cfcee991a800915907f625f0eae6679057eb2b |
| SHA512 | 8f1daaf0b05d95dd1e9b5cf93e1d54ed06612f7b25274982cd3889d53b89f52fb7a4e1200958d6e2d028cd8385cbd2102d1177391e2bb59ec9d43713f8a5561f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a024fe6d72cb2d23a116c21e95761924 |
| SHA1 | 36e5938ef04847fcd776b07c8208fc5bb698d6e9 |
| SHA256 | ba4851b4d2ad9597b1d31bc47d069fe928da43ea37a5008c5eabd0b13516fa14 |
| SHA512 | 08f41cf6f5954bb505c210307e4e99cd602b08e7f3c4067c8c83cd1aa1b4f604799d6ae6b7cc80a2cd0ac73fce5d1513096fa4ec0964ffa2c3fd1ee6f3218405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9c6ad8f467807dd24f52c07546cd8f8 |
| SHA1 | fd06e9fd620c01a49da1368ee45ad188c2700c3d |
| SHA256 | d74e6d39c1930ebaf20993339f0683c1e0cd45a5a32c170dba2a42e7f372b9bc |
| SHA512 | 69883049cbb3617810255f1c8cdc3444b25eab0ed1aec5e364f4ffd17eb1aa61c64b47598c3513cc7462cb94a5f8f26e5a231c1f371e82c130a5fe72b6c3faf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4b055d023964d9687042f086969ed3d |
| SHA1 | 1fa0af863897c38865ea16298fee2f8560ee55f1 |
| SHA256 | 8780e74d1be1d9bf57016ac2f0f50720e9e9fff7ba94d7a7dd26101b574335d6 |
| SHA512 | 7b7b6c4d41b0e91f9ed4d258ef2338291e0830ee51a519c3b772e4303c4130917996bb50090ef0091e00288063de82c9592760f0bf219b6b85fc14c883aa62d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2eb0558f9c87de3b42f946324b99a8cd |
| SHA1 | d188cb017ac8d120313d33ee3478616fef07dbdd |
| SHA256 | 2bef9d3e9b4aee332bdf6b1f0c33d5713350b983124c9d57803cff8936d4fafa |
| SHA512 | ebea688e6ac16ebfead8a7eb66129f602d20a2afa6636058df421312bb1a647bafbab3a147943260d2594859fd34d4ab949f0b719b50bb78e21644453001f7d3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1aa8dcd384adfebb9105cef3f87b99a |
| SHA1 | 4624557e3474f2a667a1a68390e8e271568bc73a |
| SHA256 | 171fc221d00d07e42f72819fb60583a07e2376616ad88fe282366fc0cecfdbcc |
| SHA512 | 578d909343e7a9085febaa6ceab15ecfb652b6e1d1610d65a7b55b360dea7bef6f1c2dd9bb00c26c50eacf34944085beed239f18f1d071c0ed031c6661a85ffc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 50319a9b0ee8694880bae663ec3e4664 |
| SHA1 | 934596a366865c5ddbb3e29d48d706875451012c |
| SHA256 | 9dd77a39c7798a465386acdf776ab6e0e7923f3fd8446fc9a1c6b51f39087939 |
| SHA512 | 4805131af951eb0f15706415f7f3720288c5ed5de68acefe9008b1e9bbd35ee97cbe31d7589789bc1c6136b749e7661e3206e244b6b73da526e7e4344633b4ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b1a5e17b7e42d5c86ec84089764acf9 |
| SHA1 | 6106706fd747a87ed480b86e26887b773b552828 |
| SHA256 | 51b66704cfe66388321a08fb7a5256e82a49910c21fb539cb98ee64348f70985 |
| SHA512 | cf31674e46a46516b4334ff3d72aea01275ca5488e1a572bb52fde470a68350f9623a4707e1c3e78dfff548f567304c927ef61ef106d4d92b3e6ba1f9f7424d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f23795170c4e9c337e1c4b36f5be3e0e |
| SHA1 | 1b1656e5ceeb3b1265d20d71ed53c953475415cf |
| SHA256 | bbb8692f058f8435f110317adb8ca7ad142dbe9af8069256cdbcc730556ff790 |
| SHA512 | d2af3b659c598aef4fc2849ac6b8c8425262beaccd157c92e372f438bddc6803902924791f6f956966ffb96fd192d6e92f9fae5229fa0cf617b508f90971039d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:33
Reported
2024-06-03 15:36
Platform
win10v2004-20240508-en
Max time kernel
135s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\924857449be68bca30e17f2fe0ba213a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1436,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3412,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3840,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5336,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5364,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5864,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5352,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5788,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5824,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | www.adsensecustomsearchads.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | netbusinessinternetlasvegas.com | udp |
| US | 8.8.8.8:53 | netbusinessinternetlasvegas.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | tcp |
| US | 8.8.8.8:53 | netbusinessinternetlasvegas.com | udp |
| GB | 142.250.187.238:443 | www.adsensecustomsearchads.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | netbusinessinternetlasvegas.com | udp |
| US | 8.8.8.8:53 | netbusinessinternetlasvegas.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 45.19.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |