Analysis Overview
SHA256
56886a1aea3e4eb6fbf87ae8470daaddc0179771640bbd000add9d500e12f4f9
Threat Level: No (potentially) malicious behavior was detected
Verdict for 924877e684aa41ea4386a22adead4914_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:33
Reported
2024-06-03 15:36
Platform
win7-20240508-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423590696" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000627767c3544d4af68d26f049f539aa208e964797c1a2c92892417266d5e36068000000000e8000000002000020000000d875d9e2cd982958d438b0db6afc544498f242291a546d812ccbe68cedc9e4be200000002253a8cd7481ac5d3460c512c284c1111a49e55b32d9a91eb09fdba31aa069ed4000000064d7c607e3304bb67ebc3c48b805ee9217f586bbaed9d8184d7457f92b5a9b8d56e489cf1e43c69242588ff3b6a4fb5073131ca96f7ebbcdd2408b29331d8e00 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10740285cbb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC826BD1-21BE-11EF-8E44-4635F953E0C8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 2148 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\924877e684aa41ea4386a22adead4914_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
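The three "Suspicious use of ..." signatures above fire on iexplore.exe, the browser that rendered the sample, not on the HTML file itself. In particular the four WriteProcessMemory events go from PID 1688 (the IE frame process launched on the sample) to PID 2148, whose command line carries SCODEF:1688, i.e. a Protected Mode tab process that the frame process spawned and manages. Writes from an IE frame process into its own tab process are normal browser plumbing. The following triage helper, an added example and not part of the sandbox's report or tooling, encodes that check: it maps the PIDs from the WriteProcessMemory rows onto the command lines in the Processes section and classifies each write as frame-to-tab or as a genuine cross-process write. The process list, the explorer.exe counter-example and the image-path test are constructed for the example; the allowlisted IE path pattern is an assumption you should adapt to your own sandbox images.

```python
"""Classify WriteProcessMemory events from an IE detonation report.

Internet Explorer's frame (broker) process legitimately writes into the
Protected Mode tab processes it spawns; each tab's command line carries
SCODEF:<frame pid>. A write whose target is a tab of the writing frame
is browser plumbing, not injection caused by the detonated sample.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


# Constructed from this report: PIDs 1688 and 2148 are taken from the
# WriteProcessMemory rows, the command lines from the Processes section.
PROCESSES = [
    Process(1688, r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\924877e684aa41ea4386a22adead4914_JaffaCakes118.html"),
    Process(2148, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2'),
]

# "PID 1688 wrote to memory of 2148" appears four times in the report.
WPM_EVENTS = [(1688, 2148)] * 4

# Hypothetical target used only to show the negative case (not in the report).
CONSTRUCTED_INJECTION_TARGET = Process(3000, r"C:\Windows\explorer.exe", "explorer.exe")

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE_SUFFIX = r"\internet explorer\iexplore.exe"  # assumption: 32- and 64-bit IE paths


def ie_frame_pid(proc):
    """Return the frame PID a Protected Mode tab names via SCODEF, or None."""
    m = SCODEF_RE.search(proc.cmdline)
    return int(m.group(1)) if m else None


def is_ie(proc):
    return proc.image.lower().endswith(IE_IMAGE_SUFFIX)


def classify_write(src_pid, dst_pid, procs):
    """Label one WriteProcessMemory event.

    'ie-frame-to-tab'      : IE frame writing into a tab that references it
    'cross-process-write'  : anything else, worth a closer look
    'unknown-process'      : a PID the report's process list does not cover
    """
    by_pid = {p.pid: p for p in procs}
    src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
    if src is None or dst is None:
        return "unknown-process"
    if is_ie(src) and is_ie(dst) and ie_frame_pid(dst) == src_pid:
        return "ie-frame-to-tab"
    return "cross-process-write"


def summarize(events, procs):
    """Count events per classification so a verdict can be made at a glance."""
    counts = {}
    for src, dst in events:
        label = classify_write(src, dst, procs)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(WPM_EVENTS, PROCESSES))
    print(classify_write(1688, 3000, PROCESSES + [CONSTRUCTED_INJECTION_TARGET]))
```

The same SCODEF correlation does not carry over to the Edge run (behavioral2): Chromium-based browsers express the parent relationship through --type and the mojo handles instead, so a Chromium analogue would key on --type=renderer/--type=utility children of the browser process rather than on SCODEF.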
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab63E4.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar64D5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c8fdabc06a5a176b61d888bc5e17bc9 |
| SHA1 | 75a865020cfbbf46cc96b2c71d54b49a2b7e0de8 |
| SHA256 | 87a76657bc4ba57f514b7e322468809d326ab054de48430164b97e6689bfba29 |
| SHA512 | f40874f118b08859de9453d33c765333fd49283f037b20690cad4036c210d1806bb9f8dbf6b6e78130351d46f3e6735c520c63e88e3545ac025ee7a1a5ace009 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a1833e39e4f20aadba5f8a6c1afffe55 |
| SHA1 | c2db90418be7e7fe2b04fc865c1334b4f33e9f0f |
| SHA256 | 187a15d54871b3ecb06b3c841d19c49884970b1296439df56191707654ff319c |
| SHA512 | 2bb7c17c565a090e3b0f9c5b6c95a456c37d00a4ad89bc71d4b958c47ba75bd482975d8034b3b9512ed6a4b7e21cdb820f1cba1c26e093220bbfbeb0fb897826 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab45d88f86bc7113973d4368d68d1566 |
| SHA1 | 02ba1326dcaa7b10ae5c412cd7fe7ecfef1cb125 |
| SHA256 | 1c2237d965f62eceb6bf621ee30ed306936ba7cfadd7dc182da7feaba9262b3b |
| SHA512 | e834693b572129eafc7a2c08a90aa65c7ee547b5b79ea135f74186d8f2510935831ae20362fd09e1b2b1799675132069f4cd26279628b1c89a9becfcaa67d50e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef041ff8d83f7348a5b2d761557facc2 |
| SHA1 | 53884d78c957f915ed33c6438ac665c458a843ea |
| SHA256 | 77eb345bb3ec0c62bd3c84a1154dfc840aebaab23415dc81e972f3a9c07e4ddc |
| SHA512 | ad82b3f1f105906ce9f2649104a071e3e03399f4070118b360ec7fd089dddc2723a5c3378fdece431c1b260dbdd7dd3bfcb2dea55cb52f6c2b7c934c22a832d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db9c9602fbe3cb14c2ef0270c9085327 |
| SHA1 | 8ef8320baff4e6569f66686c2bb23546660a3d69 |
| SHA256 | 129ae752a5356332cff8375437002825106f5417391a79729e698f2b714b82f7 |
| SHA512 | fdab4e6280cc46a3ac1a80052a2a4d286fe3877a35d8c6d64e3a624625d719429a18ceb61839905c8008101b6f757ba37a7ea83a8d69aaec06b9172470ae75b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c1a829bd82c79892460b36cddebae5e |
| SHA1 | 42730d23755f7871ea933116608536ab7cfc05e0 |
| SHA256 | ab674ab6930aa029920d6d01f218368b7bf144a8b6498fc203858af267fe2ff0 |
| SHA512 | 549607dadd6deb455d6407827d6559008cb1765fd187e0abc735789ab88b972fa622d25100ac8773b144b8d9e80a3209d6923b8fb2b9f0beef5d3381c4fb71aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae04dae725bf0e770ad64e224a6d0b69 |
| SHA1 | d2b08ccddce2c0e536c7345f49ac1893876ba8d7 |
| SHA256 | 2819f7462ccb0bb7bee56a7ab9fc7ac250f61b3a3b89a3e1a8dcbbfe0d7ab681 |
| SHA512 | 451d2047bbe375fb86bba1e7e1000ebc32d55f94b75d519982a19df8df0d435e06617cced4e847f863293a14297a08e3627ce319896efa448b5fd8ce823885d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3336c1e1d1658fcab8b228b3d69ac371 |
| SHA1 | 0b0466f561991a314fc153d446590d0f22e7a15c |
| SHA256 | 2bf964d97b13cb07b9399a0b4553080cfbbb02d05f8119aae682fb32a466eaac |
| SHA512 | 22757e1a17c99de00c128db898ecdeb4aeffd4a4331e7c7f4d0b1795954a41a340595f5cc64fe16d68a231d4e19b821163420bc3037c41f239d7ef84466c5887 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18826e6bdb07de7982c52426caf4f209 |
| SHA1 | b912fd28c7c06ec458b4031f9e2bb45ac4f582dd |
| SHA256 | 96d738104549f7362d7d6cc5f76a28f39a41bba5debb4518dcd4a1f0ff13a85a |
| SHA512 | e6c507a0ac5d04c25dfce5f804941b4ec3490b88634a82ec064dddf62cde2bac12a4310892025ee9cc9be7e944df234f4e94a4413598decbaa4de58516fcd4aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8507d5628c9de7e0294dd99ae689a945 |
| SHA1 | d63a273c1e05e19d9c71629890fb5bff9d4000f7 |
| SHA256 | 1f4d69c3278a14b09ee29ad77da8ae9fa84f46bebd7db30d37a2a763f2c018e4 |
| SHA512 | aedf7472e1fb052ba2207092de146dd2983892f5a6111b246ae514de1f639d9250e47d56003a92bb9a4622fca6294c1c10e379ed8ce184e98e4a1798e7c22459 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b139a97f2f3b34e3ceda7593ab23223 |
| SHA1 | 16a0eb3bc643648579538c36b5a2ee6f5c32026f |
| SHA256 | 52a8e89899eae26636eb053beb0f1751f1f4f596c5e101bc609232e8f9a7bd8a |
| SHA512 | a72f3b097bee501da1ff8f37d2dfb56551ae3f12bbefba1510811db5d232b417abf15deab2c80dc933c258749aa016249f0043fcfbca5943949fe484d3ceeb07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eeff5675fc76ea8e6499949bf00a76fb |
| SHA1 | be382abf52b978fdd3178babbe5041ba5e58d95d |
| SHA256 | 95439a6c3d23d2e57c36cb2f70303b3ab4e979b6c6b1422fa7061814cb300863 |
| SHA512 | aa1320aa3d96682af38c9cd61b459a6acf1fee12d71b25f9c738f9d4a5bc5314aefe6a4b1b18d65e2f1736430fd904cb52e4f8cc3e8bac787eecde1ee28e51b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b6f0c4af040f2233a9c26214ed7e097 |
| SHA1 | aa7fcc85dc8aa767b32238ba5c4b92a00aef524e |
| SHA256 | a969445aa8c5035a4755354f9a326a010455de0c1a4c247c301cc3266cee4c2a |
| SHA512 | ff5f5a39ed471db12f2d35178f590c723520d2a609892b06b349cd458cfcc2c108bfa79f2e9536ae09963372fedb11a20f1d159f210a9871e2caabaab0de478c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35c4f2352109e9ce94270fc3f8656163 |
| SHA1 | f42967589a6535742baa9c4a129f72562b6b822c |
| SHA256 | e265e4b452fdf8c04aa1cdb1c67d509af76b47c1ead1510ad694c4910d5fd640 |
| SHA512 | 1042c28d362e9ac6f7813e228264f6d4a81c0849f7a407948a11af30f7b461b4bf3021dafb953084db452078e7b71de7e47355d3acf898c7e0e75749df6cf31d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eae9d989a2da133dedac8797df4f6837 |
| SHA1 | 9ab19dcc8b997e47bfab1d78bcfb5971cef4b2d7 |
| SHA256 | 609a3d741845a70fe2ec1af64c3a6673aac830a73833a65988ae244bbe2f06df |
| SHA512 | 1395e4df37017160d73485561e1dacbf4b34d6946aa7b221563a58962fefd97853e181751330dccc87c08cd9997ed5e672ec1764e99511d491149a61f8af3ea8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a95fdf30a10afd0da0dd8527d2dce6e1 |
| SHA1 | 637ca9e7d8cfbc45e05e24a1aadeb034c235dc74 |
| SHA256 | 4f3bfddacb4f910c0e5454647eb525c09efa88098bab36b4e6a0efa0beb5146f |
| SHA512 | a2a786043b89c82114efde3f696fe7caec49c095a7412d6810500a227a3d52574c22d0269a8603c0e301896a5befa6ed62fe7d876c54eeeae0f45122d27bae61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfad88b8e9a0a9b0b021d5dbda34bf18 |
| SHA1 | 77e8c6bb9d0ddd72b4f6bcc7c5c33675e8524cda |
| SHA256 | a47527a5630e04ee51c924b49a55701981129958250f2ed37e5121288ca263f1 |
| SHA512 | 08fd21c71a597aaec3dfbae5d55a2e35368a0fd0770b8dd26bd4309c764b3ded0110c569e7d139b7063367afa0d02a18de66959877ec1b73e692db781a2622fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91d08380ac504aa1893a883aeb6221bc |
| SHA1 | 74d8c42d0fb7cbb2bd5fb389cb5017a58f2145fd |
| SHA256 | f9f918c94ab864da7a6b6820c2068661f8264bb9a15a27c7de392cbf3e80db75 |
| SHA512 | 2986c1c28a8d90b586bb7e8bdfb3d896afe0f767adcf6fe912f235951bb7ce1b138f5a1c002bdd3a84673ac9dbe6517f11006b287fb76b8e541f5e2f0e388b70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd4630104e86351bb7d18c87856457ce |
| SHA1 | 7d98d8e6221766149b1418c3ede91f25a45c8ec0 |
| SHA256 | a1cb020ad5cb8e71637db04eaa9e6686dceae9218ecfda9c147046c6ae6519a8 |
| SHA512 | d733d93afcea86d3cae3c7f26bb169d4f74a3eca6ce4f6247ca7e317f763cf703f0a7dbb5e4ff610ab3116532c6ced099fe3fdbd2edd243c77a89d8b244efa64 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:33
Reported
2024-06-03 15:36
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
142s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\924877e684aa41ea4386a22adead4914_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4136,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4140,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5240,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5280,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5456,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5808,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5572,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
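Across both detonations the only network name that is not Microsoft browser or telemetry infrastructure is ag8aq.cn, and it shows up exclusively as DNS queries to 8.8.8.8:53 with no TCP flow following them; the reverse (in-addr.arpa) lookups and the 224.0.0.251:5353 mDNS traffic belong to the sandbox host. The report does not say whether ag8aq.cn failed to resolve or was blocked, only that nothing was ever connected to it. The helper below, an added example rather than anything produced by the sandbox, applies that reading to rows shaped like the Network tables: it discards reverse lookups and name-less multicast rows, drops names under a suffix allowlist, and reports what remains as either contacted or DNS-only. The allowlist and the row sample are constructed for the example; the sample covers both runs in abbreviated form.

```python
"""Separate sample-attributable network indicators from browser/OS noise.

Rows mirror the report's Network tables: (Country, Destination, Domain, Proto).
Heuristics:
  1. reverse lookups and rows without a domain are sandbox-host chatter;
  2. names under an allowlisted suffix are browser/telemetry traffic;
  3. a remaining name seen only on udp/53 with no later TCP flow is a
     DNS-only indicator: queried by the sample, never reached.
"""
from collections import defaultdict

# Assumed allowlist for this example; tune it to your detonation platform.
BENIGN_SUFFIXES = (".microsoft.com", ".bing.com", ".bing.net", ".nelreports.net")

# Constructed from the two Network tables on this page (abbreviated).
ROWS = [
    # behavioral1 (IE on win7)
    ("US", "8.8.8.8:53", "ag8aq.cn", "udp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
    # behavioral2 (Edge on win10)
    ("US", "8.8.8.8:53", "business.bing.com", "udp"),
    ("US", "13.107.6.158:443", "business.bing.com", "tcp"),
    ("US", "8.8.8.8:53", "bzib.nelreports.net", "udp"),
    ("US", "2.17.251.4:443", "bzib.nelreports.net", "tcp"),
    ("US", "8.8.8.8:53", "ag8aq.cn", "udp"),
    ("US", "8.8.8.8:53", "ag8aq.cn", "udp"),
    ("US", "8.8.8.8:53", "217.106.137.52.in-addr.arpa", "udp"),
    ("NL", "23.62.61.129:443", "www.bing.com", "tcp"),
    ("N/A", "224.0.0.251:5353", None, "udp"),
    ("US", "204.79.197.200:443", "tse1.mm.bing.net", "tcp"),
]


def is_reverse_lookup(domain):
    return domain.endswith(".in-addr.arpa") or domain.endswith(".ip6.arpa")


def is_benign(domain):
    """True when the name equals, or sits under, an allowlisted suffix."""
    d = domain.lower()
    return any(d == s[1:] or d.endswith(s) for s in BENIGN_SUFFIXES)


def triage(rows):
    """Return {'benign': set, 'contacted': set, 'dns_only': {name: query_count}}."""
    dns_queries = defaultdict(int)
    connected = set()
    for _country, dest, domain, proto in rows:
        if not domain or is_reverse_lookup(domain):
            continue  # mDNS / multicast without a name, or sandbox PTR lookups
        _ip, _, port = dest.rpartition(":")
        if proto == "udp" and port == "53":
            dns_queries[domain] += 1
        else:
            connected.add(domain)

    result = {"benign": set(), "contacted": set(), "dns_only": {}}
    for domain in set(dns_queries) | connected:
        if is_benign(domain):
            result["benign"].add(domain)
        elif domain in connected:
            result["contacted"].add(domain)
        else:
            result["dns_only"][domain] = dns_queries[domain]
    return result


if __name__ == "__main__":
    for bucket, names in triage(ROWS).items():
        print(bucket, sorted(names))
```

A DNS-only indicator is still worth pivoting on (passive DNS, the domain's registration age, other samples querying it) because an HTML file that resolves a name it never loads content from has usually referenced it in a script, frame or image tag; re-detonating with DNS resolution logged, or with the name sinkholed to a listener, would tell you what request the browser intended to send.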