Analysis Overview
SHA256
76b2acba7a68980da119f81014c2560c727a1bcfb9cea1c80f966b05c7fb20d4
Threat Level: No (potentially) malicious behavior was detected
The file 9255781b201367cfb9c032a8d92171f3_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 15:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 15:51
Reported
2024-06-03 15:53
Platform
win7-20240221-en
Max time kernel
132s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000fa9873586923a542b3823885867f18530000000002000000000010660000000100002000000031bb9f0b87b9e452068d611a9e28f77e3e4d802d6b8b338e9f8746a0f297be36000000000e8000000002000020000000d0c04333066cba433d4408e6420a75230a9674d24ecf3068f436df594d2742212000000096c6e0c3fe7c1e2b52d25542b45b6a653b33138695ba4bb003f25f819ed592a840000000f23cf93bf84614d1d590452fc70f6f608c093ebed6264a590b262d5cfe2c9c4af27234434410d944428fbbf6a2c3974d65cc3f4bae5d97bb87f2c22073a8ce41 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DB7D3B1-21C1-11EF-9E38-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60dc3ef2cdb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423591746" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2256 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2256 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2256 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2256 wrote to memory of 2544 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9255781b201367cfb9c032a8d92171f3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2256 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 15:51
Reported
2024-06-03 15:53
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9255781b201367cfb9c032a8d92171f3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=6048 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=6072 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5464 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1400 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5040 --field-trial-handle=2256,i,6670388345726423024,18382795228658886258,262144 --variations-seed-version /prefetch:8
Network