Analysis Overview
SHA256
be7999326c573fcdb0cc1aaa1d2c355fc6e1495267a52e42b85caa1b10fe5976
Threat Level: No (potentially) malicious behavior was detected
The file a172d780da31d0e581fc73332483ec26_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-12 17:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 17:10
Reported: 2024-06-12 17:13
Platform: win7-20240611-en
Max time kernel: 133s
Max time network: 127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374097" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB470601-28DE-11EF-91CF-DA79F2D4D836} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000059b961a11fb110cfff12de46b8c7b0b9f8fcbf95aa4003aafde56957fbf29514000000000e80000000020000200000009d1b2f4602e14e48ab513e2604bc34c23c018fc14eb787c8903109ce5ada493320000000c141cd4e18436640f443271c00da859c0e9ea53ad7f6874847cd1c91ef585324400000008f77e676a62f67e0b394fc16688dfc9991fbc6f0b5e7330e150c8053c45b22d6d3447d90d467e06647ec1843ba4fe8676f3bc45533d59b51210c84f240444ece | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a064ce7febbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2200 wrote to memory of 1076 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 1076 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 1076 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 1076 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 17:10
Reported: 2024-06-12 17:13
Platform: win10v2004-20240611-en
Max time kernel: 128s
Max time network: 138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4640,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4420,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4832,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5416,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5516,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4740,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5728,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 2.17.251.40:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.21:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 23.62.61.72:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |