Analysis Overview
SHA256
c76438897eb74ae3ac927a568ff8fdc16edad7ebf104adce0ec90f3681db3a8e
Threat Level: No (potentially) malicious behavior was detected
The file a173c21c330bc6faa8e71c764988574d_JaffaCakes118 (an HTML document, per the command lines below) was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 17:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 17:11
Reported
2024-06-12 17:14
Platform
win7-20240611-en
Max time kernel
119s
Max time network
134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503b82b8ebbcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE722CD1-28DE-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002a9ba2c6dcf6256073ce58adabfdfaeaa246b184405710c8be3bf7bbc5b86f8c000000000e80000000020000200000008df774786975c1ed69b3532dd4059d5b23bf337947a140640cd495a6bcb93c6f2000000001ece0a5fb4d201265716131123e4ec30422fea2d94652c89079644813170000400000005f5da9ede62c1669653422d930c577ad9c21d768530a1b5b19b7b400ba4082cbfd89857f004dfdfd77cf16520d9de4fe15aa1caacb687b78d2fa3a6406a9c6da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374185" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1884 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1884 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1884 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1884 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a173c21c330bc6faa8e71c764988574d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2
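The WriteProcessMemory signature above is the one cross-process event in this run, and the Processes list explains it: the second iexplore.exe is launched with SCODEF:1884, which is how the IE frame (broker) process names itself when it spawns a low-integrity tab process, and 1884 is also the PID doing the writing. The following Python is an added triage check, not part of the sandbox report: it parses the WriteProcessMemory rows and the process command lines exactly as printed above and marks a write as expected only when writer and target are both iexplore.exe and the writer PID appears as an SCODEF value. The `CONSTRUCTED_UNEXPECTED_ROW` counter-example is made up for contrast and does not come from the report; the report gives no PID for the child process, so the check cannot confirm that 2552 is the specific tab spawned by 1884, only that 1884 is a frame process.

```python
import re

# Rows as they appear in the report's "Suspicious use of WriteProcessMemory" table for
# behavioral1 (the table lists the same event four times).
WPM_ROWS = [
    r"| PID 1884 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |",
] * 4

# Command lines from the report's "Processes" list for behavioral1.
PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a173c21c330bc6faa8e71c764988574d_JaffaCakes118.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1884 CREDAT:275457 /prefetch:2',
]

# Constructed counter-example (NOT from the report): a frame process writing into a
# non-IE image is not explained by the frame/tab relationship and should be reviewed.
CONSTRUCTED_UNEXPECTED_ROW = (
    r"| PID 1884 wrote to memory of 3100 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\explorer.exe |"
)

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def split_row(row):
    """Split one markdown table row into stripped cell strings."""
    return [cell.strip() for cell in row.strip().strip("|").split("|")]


def parse_wpm(rows):
    """Yield (writer_pid, target_pid, writer_image, target_image) per WriteProcessMemory row."""
    for row in rows:
        cells = split_row(row)
        match = WPM_RE.search(cells[0])
        if match and len(cells) >= 4:
            yield int(match.group(1)), int(match.group(2)), cells[2], cells[3]


def frame_pids(cmdlines):
    """PIDs named as SCODEF:<pid> on IE content-process command lines.

    IE launches each tab (content) process as iexplore.exe SCODEF:<frame pid> CREDAT:<...>,
    so every SCODEF value identifies a frame process that owns at least one tab.
    """
    pids = set()
    for cmdline in cmdlines:
        match = SCODEF_RE.search(cmdline)
        if match and "iexplore.exe" in cmdline.lower():
            pids.add(int(match.group(1)))
    return pids


def classify_wpm(rows, cmdlines):
    """Map (writer_pid, target_pid) to 'expected' (frame -> tab write) or 'review'."""
    frames = frame_pids(cmdlines)
    verdicts = {}
    for writer, target, writer_img, target_img in parse_wpm(rows):
        both_ie = (writer_img.lower().endswith("iexplore.exe")
                   and target_img.lower().endswith("iexplore.exe"))
        verdicts[(writer, target)] = "expected" if both_ie and writer in frames else "review"
    return verdicts


if __name__ == "__main__":
    for key, verdict in classify_wpm(WPM_ROWS + [CONSTRUCTED_UNEXPECTED_ROW], PROCESS_CMDLINES).items():
        print(key, verdict)
```

On this report the only real pair, (1884, 2552), comes out as expected; the same check applied to an unrelated target image (the constructed row) comes out as review, which is the case worth a closer look in a report that is otherwise clean.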
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | inanhoabinh.com | udp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| BE | 2.17.107.235:80 | apps.identrust.com | tcp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | d4ae187b4574036c2d76b6df8a8c1a30 |
| SHA1 | b06f409fa14bab33cbaf4a37811b8740b624d9e5 |
| SHA256 | a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7 |
| SHA512 | 1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c |
C:\Users\Admin\AppData\Local\Temp\Cab5FDF.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5FCD.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
| MD5 | 79d51d55d814b2d18acc7e48068b10fa |
| SHA1 | 1c537d4fcaed34d5ae17f3874849ed5e656c1900 |
| SHA256 | b74369cb8002cc871ccfcfb2dd109599a4cdb6450d746f0eb6ca911b396935b8 |
| SHA512 | 3d440854848640dca94a491716e0ea804adfdf15be72a81ee751f4f454461670390802ec5eed89ee9e3ebdc44e9964505da33d16e4bf9670301926000634d9bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7de8258ed3b5ea84c3b02cfde2620180 |
| SHA1 | a6811ffc0e05def527cce922d201c4e5dded1563 |
| SHA256 | 2fca3267007a4dc73ddf64225dcf98a7bff2301c845fa6a45909e353cb472864 |
| SHA512 | bf58d435076402ea464455e1d390dd6fc6f3be4ef399a3720063ed3b5ec4b736ec3cc3c8a3cec18c5eb55b4b7289ceed2e209c877533c4fe2a1e191d130033e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99eab42b0a604d1f9ca99361d2b9eff5 |
| SHA1 | 6e709a515c0275748fc5f4640afc8b22c9605500 |
| SHA256 | 2578ec801109dd633752b8a5e67255768bcde0866344aae07ad0bba4e3a0d2fe |
| SHA512 | fda53a9df557ff36bbc7ddc891bbe754684f6b5f2a7e1fcfa9c971742e2bc5698b6d60f81019a17a8cbf83dc98dd326824448be151cfa36c1a949adafd744815 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 8952dcbc2361748f4a1d9c3e261f5083 |
| SHA1 | f416f2a691c317f2e8d20b5b276fa92dbedb3746 |
| SHA256 | d2d62db374f54a7ab12d3c49a8f6bd1754760f77d9fbec35e4ad446ed697ead7 |
| SHA512 | a31b3496a7441e3ae5f4d67bacb1ba897ae9a50b8f703ac81b8458c9d0f5d6aaa8765c20fab8071a1923b6905e36dcb0d7881a5e50fe1316d41fe53ffe8a4878 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | 77792f554d3a3ce37066a0287a30bcdc |
| SHA1 | 46de16ed3881369cfefb618a240c6a7161bb3bdf |
| SHA256 | f65bec9420ee2641dcb244cf98ce0b05486cea671045f70b609487768ce9e0a4 |
| SHA512 | 1c7e13a6f3669880fb5641cbba4c3e02b8cb851d7166cc76bcc435660b70d9c2ba34cd944138f7bcbbba8e933d94560296f91e63e6125bd4362ebde41b2c96de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61
| MD5 | 5ae8478af8dd6eec7ad4edf162dd3df1 |
| SHA1 | 55670b9fd39da59a9d7d0bb0aecb52324cbacc5a |
| SHA256 | fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca |
| SHA512 | a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 413bf4324a79c78a0e07ee1796c53bb0 |
| SHA1 | f6cd3aacc9f3b8c11fa16c5bf3788eaf20e0abd3 |
| SHA256 | 9b9da7c050bd0d73fa78129ea8e8d7a1c53a73795229df5d994e1f23ae947706 |
| SHA512 | 860cd97cf413b1e177ea4b73b4f16f178311b83b8467b5aab220afeefd2a8fc5140727d3d52af1b371e8749f28244fe182e87888e998d9d4361c57c6e3ef22df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 952c86a74e2e80d7aab75a4f7247e919 |
| SHA1 | dc1d6078c3d74cd6dec99184d053c5112e73e0d3 |
| SHA256 | db38217f8cf45a4f323bd98b349ee56aeac5e9806f7f14db983e91e589d30896 |
| SHA512 | c1d66d704cd5aac74e9ac751d5ffaae125858f75b660141d949fb08f8ffdfaef2fdffa6cf55f67c4daab86abd23afead543308d995879895494726b92e421afc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e632e3a0d68eaa64e4ef02945e1237e3 |
| SHA1 | fb90488f5933250dc3fbf0bdd0314f5631dc343a |
| SHA256 | d11584951fd44b7cf57f74e446824da6fbc2eaefb42200a639494d6da241a7c6 |
| SHA512 | 3ddda8d3ea6156d793f11c699222b8dca3ae3982495c7b6b2e83380abdf4ffacd0b458c765a83a8cc859e97220c18cd2f41196d77eac31f75bd60a64fe292b04 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b2efe0559b5948630be6ad63d03a5c2 |
| SHA1 | 59dc37e61fa64ff52fd96da1b57b2ebd50376c85 |
| SHA256 | 2f1c250613bf871d33e50c602e53bc7f86344da4278f5f9cdfa1e6cab74991ac |
| SHA512 | c7a3f29bb8cbf96b2c2018b76186ff3d06464b2795e8df682371a1bd47bd1d0c7c6547ba012b54ec580d349eff073b2b9c08a8db101948ce6800a536d53a520f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 78e25b8c3a9f8f5e0eab9d28f2a26447 |
| SHA1 | b1bc696d055b7f7e03c7c3824239fe8cdbb7a5da |
| SHA256 | 1c231e70e5a334a0e2cd7e0d6691eaff815c5979316b551fbfe1d29cd5ae26ca |
| SHA512 | 66574fd9778f38669668c2d31e694170f7d137e8dfc5276ce199c3d000ed4dbcc545d16ac27cef860297ee63aead880621366ced4d2a5f66021269b40512500c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d07fbba819592ef80f87956565b03fc |
| SHA1 | 13749b9e38ba8f2d59c3af4966d3c967d15dd4b1 |
| SHA256 | 6eaf0934882518ddf830220ed7031c0b09345295d8f3c49a8dea164dd7aea812 |
| SHA512 | 886ed95b83ea89f4b582ba1009b9a953986c804955749523adca7209758767f4c64703a02aa4dff24f3b82f9f3e549006cf63d9455eb278f8d8567ef3cc746da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efc84102a4022375675d3ab7feb2382f |
| SHA1 | e41210f7a86e72ea72a37f1c585e80fded04a1cb |
| SHA256 | 4a6ddd3b69389a33c6a584f4c7f0a3b480099896229bb80fcc5adc19b8b41650 |
| SHA512 | c0d6bbe898ef617a4ec8ecf46b07d86c368052f3446e9d595287560fa547b73d2835faa5e048c78d645a048ffbe0feff9ebd875ae7d8053d465aae553b6189f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 280cea9982f9fbeffca662c723052e2c |
| SHA1 | b3c95f768aa6d373ddfa5cb93fa71c32a8bcaf2f |
| SHA256 | 03d32fdcc795067e431c7038f9e4047bc9f4fc373edd9bb8ee1c1859785bd935 |
| SHA512 | c1a3d443c2b25cc5c1485edba620ce66695e771c3b4f56b2199967da788a2c71c599ed88b43bd5cf1787523c7662a2084dbbb072f4baa3ce5b3f2fe077027bc3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80b5e78aa603273e426cdadfd2629d89 |
| SHA1 | 40b7ee1f3bda6c1ee06f47ba8f7cc90ebf3b9501 |
| SHA256 | da2ed37a4c0091c9a35f3308377994bb26715dd6dfc09cd1ca446c7d22648cae |
| SHA512 | 7d56d016dd72d6eeef0b879591b6974d9c251de90bd045a5e08182440d74e41ba2c39d62ff6469b8dc75796593dfa17a57d91aeb2f5a05542686a8620de5f494 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89816f14001069aabeb69085e6fa4e25 |
| SHA1 | ebc5a5dd94bd73b8f4b381e24064e1bccf52e441 |
| SHA256 | 4c4346069381bd88e8cdc6cd7384f3a0c34ff7cde78e490989258b568a0651a6 |
| SHA512 | 5a41549848f98c34d653cfad3031af751f8f05093c642a084b88bfe53c6614023f9d488f7c0499ace058ec8aa08e6d69c0a9824bfbee83f41115a919047e3695 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc1ed357346f131dd81c2093aec50c79 |
| SHA1 | 4172d3f10759798da88d8ad13381255bec1b24a2 |
| SHA256 | 4c0e0dafa48ac481de112e3b832e4399fd7d11f084e1047d2411059022eae8ee |
| SHA512 | 0a44eacbf57144cf25b4124732eb3516ec9330622326a23a71e72933f2544d445acc3b12f47d23a2e1e4a56007b58868fd92b96b9e08d2bf2090fe04d6919e9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6040a9f59bcd8337f465d6c8b8d56b92 |
| SHA1 | 972a4e35924e6bfd9bb4b61ebd90b8eb22d80125 |
| SHA256 | 2154872b978d5e84213fdf9f2ab131c6e9d4380cd799e37b3c0b57a1efedf716 |
| SHA512 | a086dccf948c4f163fcc9bc660b5d29db090c585059b1c7ca63f478efd999177356f4e1c98b1868705bb1939b7be3642e6115ba436316b2478f92e84ece901f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19bdee5551d7d0216c2204e1733fe1b8 |
| SHA1 | c134301897ba47fafd34c4b70b02bc51193bfaaa |
| SHA256 | deff54b6ba9e7836d78bcba2f5d13409f712f0ad6fce0b2eb8422b235b422324 |
| SHA512 | 874e7698e72fbb9fdbfae2db85baf4ea30737c82a0cc0c62d8491933ea0fdcb44da7f5833a199327ecdfd9984ba7e1ca178e02dfcae51bb173c026a5452b9343 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3fefd368b7274834cb61e9956868f5b |
| SHA1 | 1b8c34f5b53eba1fe0932dd022ba10151d8389cb |
| SHA256 | 47db1de200b597d2f0370f6ff73ce3ca9d866ea66763405bb9d7f98b96b9518e |
| SHA512 | 356afd5db0e6d39d3346fc20dac3b839ae0133853cce77a634ccb66dd1ea4603767d5243cec83775cad11821df12569b839fb3d6c989b06194b291e2666513f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f5cc4ac4aae1cee5f75894898fca5bb |
| SHA1 | 9980600582ffee66a63bc0639da7c8f2d3647fab |
| SHA256 | 4151a44c9db1844ade79f36b6a323caefef79b3f58b0fefd0ef0e7ec0b72ea64 |
| SHA512 | 0baf0f6a77148b061b918e231851d41e729229b8b41100602b7885867bccd3168336ecfd84e74b00807acb4c4233509318e582e651d7654bff3740a3ea044363 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0c9068ccf068bd99a7e5c1a019250b7 |
| SHA1 | 9881de643ce239f023603fc07a0510754d832331 |
| SHA256 | 85e8f811b6ca21ef7d137645a1278e8c54cf4874c278d32d8d3e5b8b85e32bfc |
| SHA512 | 69fff4d7e3d05e93833e432ba16eb431178562ce5186521e2b9607658c46b0b7cb7d5daa5f290d5f7c95ca61e14554c98598828b360a6c67a002fb520cec0ce3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f566e422dca93ef5a94ba1edfe532e36 |
| SHA1 | c478be795f439b003793b41c46ea647cef8f4c85 |
| SHA256 | 09040a22996cefed43dcae722eb0044db8217026701003de702db8a9a9796a53 |
| SHA512 | da9d7fb52556adb77e227dc5ebf13c76b2210062915ec38277c133d42cac34bb9fedeb64a479c8829356191a5240b33317231c34b9050400b032d2ff70623527 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fee06790f0f594905ea549abdf4c68e0 |
| SHA1 | 8564560ed505bba1f730e9fa81da8906c070d717 |
| SHA256 | 3bbb29fcc62bf8c49e80c54234d7b6686dea09575a9aeec56e9bc2577c7afb5c |
| SHA512 | 5e7e9ec6c00dc1b1daaea04f9e2f64da15d90d150fa82f646f42d7319992b0c650e537e6c7afff93ab771b8fb12c26447bad0dca1005e5c1bdf1fa3d743bae31 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cbfeb8594557deb62af09da8fe08c612 |
| SHA1 | a327ad5ce4695d2920a60ab4cf35c02be7195031 |
| SHA256 | be422bfac96f7a4b062a8f477fc569f8ea5ad4efc2bccda64fc4672eee6fe274 |
| SHA512 | bfc169a35048802c0fdbe3b02215bf8f30e8b710642ca1be5a42bee67543efeea66940385546e29bcbe5a90f8132be76a2d46f20b0ad854f887a3b87a92a85ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fce1952ebece35e61c826e8940abe0d0 |
| SHA1 | 8bb20006ece657c37d2d26a3e393370c63bf5bd3 |
| SHA256 | 8fe3d501b74879ec480542866aadf08726a65f99745ec2b3677afc8dc584de70 |
| SHA512 | 39cb9fdd74c3307c8ddc881d2b7ea33f6a75939efbe1f82420fd04391e1e1585d8a266ac2514073d2399a68e10a5374873279fdeaf17df6920d240d6ce33eb42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7412b8f7ba5c9613e5c8f062a9d49a5e |
| SHA1 | ff90851dee77098c7cff88a8876b6beca7441f12 |
| SHA256 | 8f160c1171b1f0f3d0c0047d84884b1857e55cb26c63541ac2cf60252226ca29 |
| SHA512 | 94d88f9ed185dffd5422aa02e1cbd7fdc8e3ed3d716b63c8f8f36c09175de6caf61386d5cf0163f908fe8d098fe91c514cddef3f86dd1d18a021dc319f10d2f3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 17:11
Reported
2024-06-12 17:14
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a173c21c330bc6faa8e71c764988574d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=2172,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=3380,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5236,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5376,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3100,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | inanhoabinh.com | udp |
| US | 8.8.8.8:53 | inanhoabinh.com | udp |
| US | 172.67.217.118:443 | inanhoabinh.com | udp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 118.217.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| BE | 88.221.83.186:443 | www.bing.com | tcp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.83.221.88.in-addr.arpa | udp |
| US | 199.232.210.172:80 | | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| BE | 88.221.83.210:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 208.197.17.2.in-addr.arpa | udp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 211.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
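Most rows in the two Network tables above (behavioral1 and behavioral2) are produced by the browser and the sandbox rather than by the HTML file: DNS to the sandbox resolver 8.8.8.8, PTR lookups under in-addr.arpa, mDNS to 224.0.0.251, CRL fetches from apps.identrust.com and x2.c.lencr.org (which is also why the Files section is full of CryptnetUrlCache entries), and Bing/Microsoft service hosts. The Python below is an added triage script, not part of the report: it parses a de-duplicated copy of the rows from both tables and separates that baseline from what the page itself reached out to, which leaves inanhoabinh.com (resolved to a different 104.21.x / 172.67.x address in each run) and one bare TCP/80 destination with no recorded domain. The host lists are my own baseline for IE/Edge on this sandbox and will need extending for other environments.

```python
# Distinct rows from the two "Network" tables in this report (behavioral1 on win7,
# behavioral2 on win10), copied as printed there; repeats are dropped because the
# classification is per destination. Two original rows have an empty Domain cell.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | inanhoabinh.com | udp |
| US | 104.21.61.253:443 | inanhoabinh.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 2.17.107.226:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 104.90.25.32:80 | x2.c.lencr.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 172.67.217.118:443 | inanhoabinh.com | udp |
| US | 172.67.217.118:443 | inanhoabinh.com | tcp |
| US | 2.17.251.4:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 204.79.197.237:443 | tse1.mm.bing.net | tcp |
| BE | 88.221.83.186:443 | www.bing.com | tcp |
| US | 199.232.210.172:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
"""

# Baseline (assumption, chosen for this sandbox): hosts the browser contacts on its own.
# The CRL hosts correspond to the CryptnetUrlCache files listed under "Files".
CA_REVOCATION_HOSTS = {"apps.identrust.com", "x2.c.lencr.org"}
BROWSER_SERVICE_HOSTS = {
    "ieonline.microsoft.com", "business.bing.com", "tse1.mm.bing.net",
    "www.bing.com", "bzib.nelreports.net",
}
SANDBOX_RESOLVER = "8.8.8.8:53"


def split_row(row):
    """Split one markdown table row into stripped cell strings."""
    return [cell.strip() for cell in row.strip().strip("|").split("|")]


def classify(row):
    """Bucket a row by what drove the connection, using the Domain cell first."""
    _country, dest, domain, _proto = split_row(row)
    if domain.endswith(".in-addr.arpa"):
        return "reverse-lookup"
    if domain in CA_REVOCATION_HOSTS:
        return "cert-revocation"
    if domain in BROWSER_SERVICE_HOSTS:
        return "browser-service"
    if not domain:
        return "multicast-dns" if dest.startswith("224.0.0.251:") else "review-no-domain"
    return "review-page-driven"


def triage(table):
    """Return (buckets, resolved): bucket -> {domain or dest}, and review domain -> {ip}."""
    buckets, resolved = {}, {}
    for row in table.strip().splitlines():
        if not row.strip():
            continue
        _country, dest, domain, _proto = split_row(row)
        bucket = classify(row)
        buckets.setdefault(bucket, set()).add(domain or dest)
        # Record the addresses actually connected to (skip the DNS query rows themselves).
        if bucket == "review-page-driven" and dest != SANDBOX_RESOLVER:
            resolved.setdefault(domain, set()).add(dest.rsplit(":", 1)[0])
    return buckets, resolved


if __name__ == "__main__":
    buckets, resolved = triage(NETWORK_ROWS)
    for bucket, names in sorted(buckets.items()):
        print(f"{bucket:20s} {sorted(names)}")
    print("resolved:", {d: sorted(ips) for d, ips in resolved.items()})
```

The two review buckets are the only part of the network activity that the report's "no malicious behavior" verdict does not already account for, and the domain-to-IP map is the IOC pair worth recording if the page is ever re-examined.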