Analysis Overview
SHA256
4482290fb9d60383f58637bb4d33aefd1a32e217bca6724b8fe1877e604af928
Threat Level: No (potentially) malicious behavior was detected
The file a1be259c8e7227504b9174706f682f87_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:31
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000c6d80556547656cd441639e568dc8c118ee6833bb9c5a05254113420c219df83000000000e8000000002000020000000f10c0817e1b66bc9c6e5bfd48ec36933b16da7a89f814f7215697397a6344638900000007dbcab4f949277fb52624720c399442224ab814bd992936e5cbf727fe0534de13b54dad5d279599682ba63b395a260607c4e4fdfe772c75e120705d6cd43ec82cc26151e255b6d96d16f3a4eb394c643867b755d07b62ad2b22da0802d72bbb602334e9a3fb350b079617f20087f32689b27f0fd16786ef51612d60966683021376d5f846d4b9ef87646219f16f4ac0a40000000f9f9945eea9ed488dd06b0218f2e829bc392cb44d0210e56f9c1ce3550579025c14ed8d8336181c51549f68a8a63cc872758e189dfd8b41f0d405223883967b7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9E110FC1-28E9-11EF-A1F0-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378800" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d49b61f6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a18c7f6209710ea09cf9a04ff196c3063cf1cb9fbf8753aade121b3da39d3002000000000e800000000200002000000028613cad31f4578d96a3944dce2db5cca7fdcfdeb399fbb10cc7696f817134ca20000000f2099556469483af444d33f7b75316a25704fc15a549edcdd2a2a022403e204a400000003b79c985b4ec46f95f605ea5101b17e6521114c119a96bba2fbbdecac81c3203c437f7f3a0ab2bbcf2bb35f0756da5c3124091613ca1708ed9505876a4c7f136 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 3020 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3020 wrote to memory of 2996 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be259c8e7227504b9174706f682f87_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | ww1.srv.desk-top-app.info | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:28
Reported
2024-06-12 18:31
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be259c8e7227504b9174706f682f87_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4168,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4568,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4436,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5268,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5412,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=6100,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5868,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |