Analysis Overview
SHA256
8f7cb7cb3b4abfc8340d694358487a384a82c7ce54145247e6d23b4ec662d73f
Threat Level: No (potentially) malicious behavior was detected
The file a12e6210e8c82d053c578627525817a4_JaffaCakes118 was assessed as: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 15:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 15:38
Reported: 2024-06-12 15:41
Platform: win7-20240221-en
Max time kernel: 118s
Max time network: 128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000bf4b796eee5a144aea434004026872d000000000200000000001066000000010000200000007ef06a582f692e780bafb7f97415402058acd3e0d4474156012c50cb064f5348000000000e80000000020000200000007702429f3aecef4fbea6fdb5a15189e9c32a0b6436866e7f741a0b73368353be900000007047f2537072db6d19d6eb1f9ef76e6491f514fd9bf0eb5890219a3ffac593529c0dbf6ce8759c58faeb2b232a7a860fa34319d81be97eab74adb0fe6aff61cd8eb41a7210a8d8ec0d88c6d7cec2121cd299aa0e2a6bd8bab40f729ce96d36922bbef7f83c43ead6fc6431d887b0b9c7f91dbd0d4b8c4fcb440cf72705e9be858cf9df3e6c3706c1e9c94c83149b890f4000000005fa7b33ba57566c181bcb8df91481273b4f4ea08ce5f14cc3bd26e71b07922bf3a1dd7994ce97c383974660accff9e3169f71a7fd25e7b00b5e4bb71e209036 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50dcb0aadebcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4B183B1-28D1-11EF-93E2-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000bf4b796eee5a144aea434004026872d000000000200000000001066000000010000200000005170cab6b9d25e53af247e39c745b7610a0416e601ee65c95565dbd70a580cfa000000000e8000000002000020000000dea47c9bed1f9c2332b9a11c9ecd25bf86c2b3076c9a285ecb656154953e682f200000007a54d926240d6990b7382e5808bcdbc97a48c581e1c8437c75ee11fe877fd8cd40000000aa776f9939bd17190735bcad58573fb80d7f1f87bd76bf7408d7b22e1ef4cc705c58a8f9477857b6d1c560fac742d89bc006b21efc3d151bf2809b8f5ca190ab | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368583" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1580 wrote to memory of 2476 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12e6210e8c82d053c578627525817a4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1580 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab366C.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab3769.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar378D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fda9b67c36b42fed086dc845f89f2b62 |
| SHA1 | 1d22bfac5ad42d1d504fb2f6ebb1705640798fb0 |
| SHA256 | 10c782f8ac96db01517be5748ffa8e7ddf8cc039ec9cc04f6d6e33e6da568d84 |
| SHA512 | d26540dbff93511ea4f4d34054df53a2246ab730566c20627b59840df951eba5f06b2cb9f3fde7972d6581cf812a1b3312265cedaefc3de747f61e757e35b467 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d7626de08213de4eacbb11b3e770a08 |
| SHA1 | cbe85c623aa4f5ed77ed301cb26bb7cd0af031fe |
| SHA256 | 6cbb8b60b8b2253db1bc9c7117395fa0f316721b3a60fcc0aba187cb0e001fc3 |
| SHA512 | 964a7e96861140fe97b63d8a0203a094250285a987edb8e22bc612d2d1a0c3d61e716d23d6505127131146deef2793952fedefe495784824edc5737225e50301 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0327d020eda25fe2cf77d02fbbce0de |
| SHA1 | 7fb723ed40c59abe3666a4ef92fb9aa36dc8a881 |
| SHA256 | 913a0da4c32c819bac3420f3fd94386b36f67592ec1bb53431f544993f36e651 |
| SHA512 | 2fe2c818c3958fa5039061dd63bc7d1d4973a6a855371568cc9a82333e71f3b583033b6c7b20485ab68b919f1764353d17209a4abfced3d498886ec02567ade5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6ffc4f0e872cdd0f401b35075684f5f |
| SHA1 | eb2aebc4e90fe29e30e64dcb5a2f5da979f8dabb |
| SHA256 | bd0a30c16a19d1cd15bfa4c1c2a738099d00bb009b84589666d77726df768db8 |
| SHA512 | 9410e6804a590a10a51361d27a581c4f7a631124f5acf524806730926841ccfb92d1fe1f0da08040b212725728585a762e4095b5befc76428b202cea39c6e25a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 366f87e337a8604f3640d88e6febe601 |
| SHA1 | 997f1a7193cd05e0062df7ac61dbfeffd5917091 |
| SHA256 | fb68807ae77aaa85889bc90509a0ef79b2eef26a833c18ba3e4221955f544be5 |
| SHA512 | 86c0886e26a221f24b324620cd4be741b6e6fd315f9f952d20fda88f4bd322f84d86b7462ae73c5de07f43527aadad5fa43ef2e2dd54f154ac6c3f5eae9c4fb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79fc8944e1a5eb9746d61c45a3b94209 |
| SHA1 | fbf4163619e02fcbca0c70ada11518c6da6fe4eb |
| SHA256 | 61da8003cac8d6107c11a464aed91ba678838b7b7e6a5f58110a8760fe47a224 |
| SHA512 | 5aa1ecd830ca9e41d1a10787b6ae6a24ed7386be1cb738c411df9bb9bc2369d150eb2bee46cf0d0a2cee1543017f7a1da02f0e9461d1bf634d4276e531f3e644 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d448d0c7a01b96d1bcff04ea9389e154 |
| SHA1 | 25e7cddecbcdcd377e0f0d623f072ad0e38f88e6 |
| SHA256 | ccab7307a2569233fae1201f9ce4ed5b1112eb273f085b6907f2fba2ac6ae3f1 |
| SHA512 | bde86787e3102b265b8374cb3809333f0420c8296a464880bcedf463897920c057b583dfcc01aaa2f5c427f1433c2739722e6ac59bce54e426a6471043f3aa89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13a9871052f9a62123009281a6bd0ab9 |
| SHA1 | 07386b298e20f8c200ecb7db7e78f37c1748a454 |
| SHA256 | 76cff93ccb634b1eed0e00ebef2e69700362a7364993146357b723f04a24cde4 |
| SHA512 | 154bd02f3188b4bd69be7f7b290101505b9d8e2604ba7e747012580e3ead0e9696892ff63a077290c67f50ef30b75abcd1dee80f3c7b4467b09894c79e385f50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dea34cf719940d2d3859057c9b1b0502 |
| SHA1 | ab609974a6b2c11d8bceb6d1f7b86ff01d40b0c2 |
| SHA256 | 6350d2146dd18fb0a2c3a2aa793ca5955203df0c3b025ee9083500ce488a9849 |
| SHA512 | 2789528741346c47994d6a15ef31547110bb1be9d60da7ebb8c175b2cfc39c35ae294319ae38c2eed6820bb78a720c3088addbec17698161d20530fe5bf9a124 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc8a61851e3ce0220876d8238dd05e25 |
| SHA1 | 2994702bb5b6ae873b989d35812e0c0615b65ffb |
| SHA256 | 03eb64ade6700fa466cf81d325373537eea99a8684f3f6f0f096fe31215be96e |
| SHA512 | 71d2fffce21603c2024044b3980b23c4169ca9939eeb127aa3b544475c465caf52d1bb590f1f7c4c046abd8f40ca0e0a542eebeeebac5b56259dd35fa3c20292 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 929eb6d634ce42498d85d92e48e62729 |
| SHA1 | 8d1fdb70b7c031ab312c76fe3ad74b566d7ecfcd |
| SHA256 | 8e6a6b44c5f889f5fbfa40ae6ff2ce409799f26fb8792e92e28e2bee058e7e22 |
| SHA512 | e62004230d42e4bc6aa5a9c8462f63b7d93531d7e896a527177b564c82d79faa0f359e9d9456ed2b814a422116f271d09def8a42603397d5de84d93ca04d2537 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 791eb12d4d84ec0e8e2ecad363101344 |
| SHA1 | f6efae32b942e34146e7c777f57347c439c2a97a |
| SHA256 | 29a852b5cf8008a9aa8a9791eb0a362d4b4fcfaac2929d24c7f1bc1cefcf5878 |
| SHA512 | 61782bf74e6ad79a2724b6a85b655a124cd1adae473d1734d2b6c3c48ed19d4172949749c5510a5df28c84286bf8046fcf5f6851986b35e75e3e497dbe04cfba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1d23411fa5ecc97524e974f7fea4d4f |
| SHA1 | 776f201492d7970b7db3d07172ba8834a3306914 |
| SHA256 | ee50211684ea7b81f0097925b8325e79f18fbdd432ed5f19a46f2a39c251103b |
| SHA512 | ecf937afd8d6151ec704601370d5459fc346baf48897148a320fca28e5e368dc73edd4378f6dcd22b8f01c5d74a7161383cf92b64eb0a6f3470473df3b9d1a71 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c346ef83e73f2bb4e47636c4b702874 |
| SHA1 | 6321e5f0d3b58232616d79916e57b2fc97a77ec0 |
| SHA256 | 5587ce5b9bb56f20acd09d3b1ec361eec16ac4c72f2793a15569788a8d1d51a5 |
| SHA512 | 7e96c3558387bba860b8b41062690a0a6806e50e2145cb1ad11d3cc3b9a7daee722034d11bcac7571ca5494179f17d93b98e91013343b1cb8df5a721f264ec9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab01d337b28fbef1a6052a9e15077d15 |
| SHA1 | 19ba8878dd9049947fa600b107c8bd52327e5fcc |
| SHA256 | 45a46243ce13323214cf9114e72be4b4f441737aa001e7b4dbc643db0b648d65 |
| SHA512 | c319de25eb4917aa0f97368402066d59cc4d1ef8e83068fe607a037a07fc8319dbac7d48abe70cfc9936c0e058ca032d9f776b59ddf60d5c70c63b1c2b4d9589 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dac905ac993ab5e75c8fd7b045af378 |
| SHA1 | 46e15b1ff15d6a9350ad695e1196d06d65d6bf1a |
| SHA256 | 94c6f86a30d695bca4b4a2e9bc8fab811dc3fab65738b5c0fed458ea8e4e1594 |
| SHA512 | 66eac63c9cd88df450e223f8c5b084b8567d971ef6e4326dd9bbd87be9c48f78f4d85c0b39547fe12dfc1b4905f168a68b526c5fe7e9d9af6affe04b3aab280e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8d1b0f94afb926d8fce30a320f360b7b |
| SHA1 | c01f8e68e1517baccdd979ce034cedd943f0637b |
| SHA256 | 9adaca9f2f8a8ce07bde97d582843414661116c1b9e51a4dc586420344effb81 |
| SHA512 | c94a4cd43c5b752fcf0ab73e81c139bf5f7fe560f6e5f8da3ecc4534394e24a18331fe1173d2b0e4fb4d26e7f5eb9125b4019fca864f228154969175f0378343 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a14c40384278fa9a2740cefe8f063349 |
| SHA1 | 0be5fe9e46a87394e3baae98d26b08f600b7692f |
| SHA256 | 9ab63886ef697034eaeb657ee23884ab34d16d23e6f6779ebcf9f0e561fcfa1a |
| SHA512 | a0dbff63a6757bc6bd18ab6ee385af2c207c3ac794c0e09e88cf01af316ab4e78ca1932b42effb0e9932c172050e282d17d770778f1f54c5b33217eeda551515 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f02ab3fb8bb2b93eea915e627ac4cf3 |
| SHA1 | b73ed83c6cafe337280f093e345776ab21c26efa |
| SHA256 | d475f8af99850bf56c9385eb0f02feda51735f141ca0ef2ceab1dab558194d51 |
| SHA512 | 42fc47e638380b1a3aa17b3dba0bfa431040ab78cb3b9b8851bc9b20ce4f1a448601027dfb56e59bf2954f421f8691b888d96491fd5c43cc0c4cbab6d4c9cfd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f97ec53e1bbf048f2f270354290c5e82 |
| SHA1 | 19aec29fa42380484fc2ce4298cbcd124e5b8f15 |
| SHA256 | d9fb6e4a7279dbd6e0ba351802e751969f3f037e9db8ffff926afa5269e9d8c5 |
| SHA512 | 426aec314b2230cccd7782446211bc46e96042f6c5a1927818ea9b56187db0f47e4b12d5df9f45c1a47ea256283cd15b8ea4a71f44cb4b803156e197b1254f31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53516ee9fa5e74c312d6b2a778e89d0c |
| SHA1 | e31dc93e01d34ff3b194a7dabffb68a4349f8407 |
| SHA256 | 858a4d2352c6ebfc8c782e83c10aa7a5859f8061d9eb9c44260634f079e5a81f |
| SHA512 | 37b08c1b5f6d8d4ba25f2b5fcfa5f86214e812fe1a3a0fe83c905eb776e25d8e359b06d0f77fb656cb75ec922dd0769e776e8a09614972341ceaec9d9ca15814 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9255b9862ee1857602f325736818d12 |
| SHA1 | 0a0029c77a631b16599cbb9a595d2ad7cf56bcf1 |
| SHA256 | ecae71e58e73ff821b3e1c7766a77014a4ee76209eae21457676ddd0b6477759 |
| SHA512 | 41690d48b20bb8c3b4b415a0f0cb8fd97a9a105329bfe2a7e22a54890991a27fdb05cde14d8d446e616ba848375ab20bfda42e9fe26659f3c6432fad3eb91ddb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae95322ea1f5bf597e0d2bb0ab820872 |
| SHA1 | 05d39e9a2013b7d192d2ef47f4b48b28c44955ee |
| SHA256 | 9bbc51a90717aac42189b9c1eb25751470397efc53c675747bb63f5ca165d49b |
| SHA512 | 993d3a26a9b77e5e02519dea2498fbc1a4b6097f6ee0a20052e82ba17a7c801178fb680f0eafcd5ec125af8405cc921c2553b48dad19d6845073ffca9238d45f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bc82b063250b5ea510486f05f4b26e4 |
| SHA1 | ded67264ee395762ea59fdf14bccd5af3a1a019a |
| SHA256 | 619a459fdd969d6aff568d4719e74e4e2011d00e6ccffc6e7127fac5229c8753 |
| SHA512 | e861ab2d162cda2d20f939726f054b9fe139e4bcd03b3e97b12b9f86f4217b20b9a0ba259b77482044da4a6f9746c313263119fc88ce2bd9e5d29b3b7a42e6fb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2058cd4733cd15b8c020ce9c4bd482fe |
| SHA1 | aa785230638cc3e14682027373700f35bc079644 |
| SHA256 | fc4f5e455cacc072e9c164344154cd5d0d9d90810666473cd7126d221e1140a8 |
| SHA512 | bae4df188ba7c5c393aaf79d0b1a3a76469b27cdc3e5a492c10e9a30591c19607ef1cac0bd1daa53b903136340845101fa921b3977e843d654276038fc15067d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1020f082e07dc9f9495eec398fa9fead |
| SHA1 | dfd310cc4b4ebeaf80ecd0e3c52f9f84edf58d06 |
| SHA256 | 9233663bba97b18b8e7a2a3c072f1a94aa98b71c1f20f28fb5950219b67e3f57 |
| SHA512 | 533cd014b9b25f5f0b6f3dc5fda7a91dc6250093c04935c62fdec98278c61197b988460b95599ac1c96fb0cdb5da4a22305e6c0d475188a0ba9185c673960b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa6c055e3cc619ba8d7553ab8e817256 |
| SHA1 | bfad96a589d63f7e28cc20d2b8c23d133eee2d12 |
| SHA256 | dc2a8b90742327cdab40bfcc5aae9293d38028d7054a8389ec9f7ec18041ec52 |
| SHA512 | 8ad81d99c4e527759bf4c8db2aac633bb0cefe0062d2d65871e64904726216cea789d0bd10ce78ba79e707af423cf3a06501688262dd936e06083bd86dbf579b |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 15:38
Reported: 2024-06-12 15:41
Platform: win10v2004-20240611-en
Max time kernel: 128s
Max time network: 149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12e6210e8c82d053c578627525817a4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=5036,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4132,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4772,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5344,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5296,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5288,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=6080,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=6204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5148,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5176 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5356,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 239.45.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| NL | 96.16.53.149:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 866448.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 80.251.217.54:443 | www.500855.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 80.251.217.54:443 | www.500855.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.53.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.217.251.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| BE | 2.17.107.107:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 107.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.500855.com | udp |
| US | 8.8.8.8:53 | count2.51yes.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 163.181.154.237:443 | js.users.51.la | tcp |
| BE | 88.221.83.209:443 | www.bing.com | udp |
| BE | 88.221.83.209:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| US | 8.8.8.8:53 | ia.51.la | udp |
| GB | 104.166.160.229:80 | ia.51.la | tcp |
| US | 8.8.8.8:53 | 237.154.181.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.160.166.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 114.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.250:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 250.83.221.88.in-addr.arpa | udp |
| US | 80.251.217.54:80 | www.500855.com | tcp |
| US | 80.251.217.54:80 | www.500855.com | tcp |