Analysis Overview
SHA256
566d4f8342647329df1c99bd572c59df53263ab1c27eb05b4766e9aa554de4fe
Threat Level: No (potentially) malicious behavior was detected
The file a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:08
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000757112310ff4754f8d676434dab125d90000000002000000000010660000000100002000000006d78779d79a6e78c0dabd5787ea66f131ff9bbcbc6457579397fc76e0b96e25000000000e80000000020000200000006ab3d78e17d474dc5e4de3809cac07573c037a13b5d07e76fce724e18b4505e120000000bff0324512ffe728038aafca3735a7a62d5ca15cadc1522483c10c7bcdb631d340000000a1c19134cd94809b7a142994c0025a5442c9c0365b33d3fbc6be93d3d27ab6e4de6601d14e58b23e33f488973165c80819bea431dbfedc517c91699f0bbb4de2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805859351dbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CC4DDE1-2910-11EF-A30C-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424395440" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab50A1.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar51B3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b9b870100b1c13714f56e93f498b02e |
| SHA1 | 953911db996b635a3f74c124703be67efd19068b |
| SHA256 | ce825a5a8795e937446201d03902ef98908cf54cf72db3636046bd2b6df36de8 |
| SHA512 | 1f9f474c6df6c5f899f5787be0d710561614c61187677fae8fc887beed5b2e1617a75ef4baed50ea492e581993a7b7d2fc609ea95f4347aecaf678167c9b56de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3196c2d8780e1c25d22cc6222ca8630 |
| SHA1 | 4a51df3612e7b1bcc99d492449a030c6b228b475 |
| SHA256 | db09069d62f44ccf6a5e31051115f4439a313e19c9d3c23148d604497ff025bf |
| SHA512 | a86c0eb27dd2d8d9c396cac5616962ae596e1790342d9b6b65179ff2cca9d20b6fac3cd159bdf4796d2b36f01b6209a87f35c04510d0f26d5857821bef58d83d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d241514d5731650382535afb7847c62 |
| SHA1 | f2e17f2a910e273ec26fed0dab2b3ed65beb3954 |
| SHA256 | ac2c1abacd56f04625e24f7903599dbe5b06d8c30d3f1dc663ae81786fdc671b |
| SHA512 | fcc3e04aed447bf60bb6fb786b891cf52eab3a8ac100f7962fb09b143fa5c82bccfb4c487e0f619ea82d12f263ca013d8183015661458e3b25a1e752c10fca6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2191a4757ffbdc317cf7a61d4d6112e1 |
| SHA1 | f24c6d8a774546b1ed0ca159ee38b9abbbf4eff5 |
| SHA256 | 776729808c7d1b88c81dedc7032be69db4c5dfd3aed3fc9d9e8d4fba4ada5bae |
| SHA512 | 298cbcb665296c8dc7ae5229fd03a26a44b1465bda9f9d8477368d2980560e48feb97159dae640e2e07168fd91792199c41669eaa2d3f8319fc532e86dca9d59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6ab2e6fe0b799eda53a15174cb5b7e9 |
| SHA1 | d0385ab5b6049dc2c5dd4220aa8b1d98b12c641e |
| SHA256 | 4b2c1fe210574e5be82fbc727ed372a283582247ae97d24014cf2f8173e84742 |
| SHA512 | 7cb0ee916b1fe9a3408afd6fc2d961946ed8a3a8ee2b6b4e88b23de33fcd94982ca542e216fd6c984fb3295af1891377ed283ada4702be3e46fdc6daa4a0a412 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bfce96e05caac5d59b2294d9af9dfb3 |
| SHA1 | 9b551d022549d02dcf1a4b343180ca1c3d598004 |
| SHA256 | f1f5d102fc395e47a31c26cd4434dab60d30de39d8673238edde8e146ce45459 |
| SHA512 | 7ce594284e797b5ac20afb63e9e894c97fee093585c6107d1f47256404cb636c1a3c583f0ffbb5882688c45077285714473f4738ef35214ea9668f06e382bff6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6adcbf8b1766bc4b6a98bc5e0ba19bd7 |
| SHA1 | 76aa83703dd8c846ef175cedf05d40062e3def33 |
| SHA256 | 1d8fbf47b0aa20c7bc5b7084ebeae23ab2f65055d9515b62d0f8604e9fd24857 |
| SHA512 | db0eaf09e92393a14b41864ba9e9bf46c566bae60d5cd57872da5de278619d5cbbe6091d67eb151062f9e274943383e0b1fc9b67037bd93489a0a8502b740c1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c72e9c0e048f723c779a440e7c63a2c5 |
| SHA1 | 7ad1369d137269891ba459a736ab45bbd8b3b0e0 |
| SHA256 | 371aa1ddeeaca9b4f35fb23ac6db2ecdcbd59440ce8560d0abb6476b54c21fff |
| SHA512 | 7fbca0ac40551a76c1c2c38bdd2355b2dd648c24e486ee4fb2cef75137e73f3c7b0f43c9b5b76dd196f2a002176a27ff7727b0a7e9b8a20386d0becf153ca5b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 046dcded6a7a1e8fbafcb88a0fc40a25 |
| SHA1 | 2ea5816310c9a2cd5601f521a0d0494014e6e865 |
| SHA256 | 84047305c3e5f4d1b138915f0e50cfb8dcaa79795ef4e7c7d2105802c695f479 |
| SHA512 | d4053fa08d077ac5844b52e2506f5f5bb8e23fd8fe205e499c60caf206eb6424c7ebb06291fd03c4c78f3fa045d682b55a318b04aa0c5ed4c46dd51fee66769d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d147529c5ee51b10a8022bd27fca57b |
| SHA1 | 84b6a2a7b2680d3df99cb6d67ab6966cd4e04e1c |
| SHA256 | f005d5993050f68cf7a1ae7247cdd7f00d6e6161847f6018d42c4e406b8a835d |
| SHA512 | e5c3bcc5c64a7331ed0d8984521c33aa1773360c62cd2975781c44c01c6e9e7dca975aebeba45bac6f1f715c837fb82ccc3e0cd6c662e5f6618e8970fb7caed6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 152e80cf102b8f5aae071bee3bf83a9c |
| SHA1 | 542360d6f25a1b275f824728d37caa3d9591b935 |
| SHA256 | e888ca2571d537a78ed615cb5676a393ccb7a71a2a965c0ccd732909bde1a268 |
| SHA512 | 1a7af3d24f827e330e1cfe466be7347552f8c72debcc61a2bd61b8b458417bdf9daf803a6aa03b2369df908dd34e4f98051b234ad498aab65d159fa2134698b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 629060d7c0ea1128f880011f8a200b0d |
| SHA1 | 113067e24fc0f6f5d66c1ca5f5a0458a7a16f17e |
| SHA256 | c820767c785b96889c53606b96fc0a4884808980ddd0f3eb0174ad191f2b793b |
| SHA512 | 333dfa970d9d17ba9714bc77b24237e24774bd3226a38d7117426713da833e63948317f07558c41d53b79b8d2659bd43057b28c6a6deb65bd64542f878b64e77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff0a081e52531d3db72d4ab2284c436a |
| SHA1 | fd0677087229a8115525aeafa5c8df6e4be90533 |
| SHA256 | 3c26e142b459f1badf209bb67141b364608e450a8aa57612ef1b706224d7e564 |
| SHA512 | e6a2a025f064a23c99a88946d5194087b27bf0b5d49f444ef152263b01e6e808f7c93de1ac8d934b7e25b197d733ad26a8aefef5202f2bc1d3298f363e592fd6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e1ae28bbb26256143708452f72ba84d |
| SHA1 | 2ed64cc3c46ab94fe850fde6bd37691d17533019 |
| SHA256 | 9fd9b1012d0dc4a7a2d1c066177f39be0fa990fdcaecd0f94bafb33bf7d189e0 |
| SHA512 | 0685fb3197f34a1337b261d53edf57e4034f4d4cb9925936ed5540599341d643df5e590909d55f9ebf95344e49590a6687f85ad232408bee663401fbe9ee0e5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4036a3dba2e5af29c0faf0b8deeb1ec7 |
| SHA1 | de14dd00a8a008e53f8dfe4a52adce025a5bc81a |
| SHA256 | 2c0b6c564fb70406d2ef88a12aa1981e111e84cf2f5ab6d5ffb6bb916898e394 |
| SHA512 | 76805cd88332948a44404c262e2ea07d7c8c14fa8a6ab6ec2e8df7890565c535cdbca063044075c16df547567769fb6d0dac7755512e4a035b3421cbe15a4920 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85bfe917d666ad9fb6694d70a570cce3 |
| SHA1 | c285aead6e6ff863ba96da133aee924c667050a3 |
| SHA256 | df2faa6a165bfb334e7b643a15a4a308d9d0ff3578d702b0ff0ffaaf0c759378 |
| SHA512 | 6e21ef5e437b7bd59de395ae89b80b749121d62ef9f76f80935e64650e28a236c812a0fe9a70f86f1a363a39d6c44b0eaf1ac945794c6793e4324ad6e09c957a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f906d6886ad858ce9dc2b1ce8fc277e |
| SHA1 | a30f4a684b60aba8f159c09541e6efc2eb007f01 |
| SHA256 | a91c985370f035f875105a42d91b69f3d3027b9131fde2a11abcdc779d541c87 |
| SHA512 | bfdbe39fa8f6573f9523e70706486f053010481c6c176001bcee7a4114d6b759df87510df02ac91b9fbb94d864f47c60e5069eee368cf94dd24546daf9b360fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa97ad276627ebba36775ef1b8799b61 |
| SHA1 | 38857bf086d4276d5f88b24a7121eefd4ceeb5d8 |
| SHA256 | 3abc2f1b2da30b7655e2792392c37cc0cf6c20e874460186bc9f0dc6d821c60f |
| SHA512 | b642429b0e5f67da603e865312d3669f674d528e9d592c7308791d0e52536a49e35b56a7e3c1fb06441b7c6f0f75f5a2c935c64e9aed97319b84931864fafac6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:06
Reported
2024-06-12 23:09
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2d8c3c70db0ce417f303385b65ec033_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5448 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4440 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5432 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1780 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 157.210.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 12.179.89.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 20.231.121.79:80 | | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BE | 2.17.196.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.196.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| BE | 2.17.107.105:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 105.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.239.69.13.in-addr.arpa | udp |