Analysis Overview
SHA256
85dd3356b343d5b08b3a8bfe89e2317f77c271af71bdda59d7d825306010ee36
Threat Level: No (potentially) malicious behavior was detected
The file a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118 was found to be: no (potentially) malicious behavior detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 23:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 23:43
Reported
2024-06-12 23:46
Platform
win7-20240611-en
Max time kernel
118s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b228ce6fc5a11579a87ad03162aed2149f8599e552b0809401c670cacf9008d6000000000e8000000002000020000000642c3560674d7f075e082d14d78fbfb8d125e94a206a7435d62aaf39f1e0c0e2900000007c8c403b4aa64a08f16a6cf16362ef59a680e5bbf3300467c9df142010e5d77dbc973e3db97f7c14142e7f1cfda7591fcd407a055bda94e1246019c010923f85460a4d9198acffb8ad6ba3326919c77ebd3ae590fa89972a1cd80f955dc04be5fe5b10c880342bba779f659e620098d73b641b6eaa0b5249c1877bb27cd8dded77f4e283a49783f6fd8a2857cff9bca94000000063642fa3c3515a42288c3d71367f460eb990d8e4bec60a8c61bad49acadf922cae40a53fa66c4c48f74fefc2d7b678113012ecc6e29089f7206bd17943bf0988 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397697" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DDC8E41-2915-11EF-B47E-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000647db4be841884c96e8356d9bc45136bf6c69c2c5313b8a308159b7255b4da11000000000e8000000002000020000000ae915cb5351d017fabf01b2ad6e0dfc0a59b43d186dc02b31c018d9dd6edf50720000000a6a412d1a9ab04cb6f29bc32a9d503413d7c9277a3c8878ff19ea107757fa8ce4000000056c06a2a7130d833232230fc5e1510c5da7c8a6ce439a7a99667f50433d7e910aa31a47348865b9c377122a30682b51fb7825c73cd0e47815754f023b70f5951 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fadf7222bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2412 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2412 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 23:43
Reported
2024-06-12 23:46
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
145s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fbb8ec3e9f34fcee788ce871f2f9dd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4764,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3932,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5268,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5336,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5352,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5812,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5776,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=4072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 52.142.223.178:80 | N/A | tcp |
| US | 8.8.8.8:53 | 178.223.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |