Analysis Overview
SHA256
031e7c90ab786a4ebe41ca8daf2a8ab8c30101da7d53f9f4c24d59f39b1cabbf
Threat Level: No (potentially) malicious behavior was detected
The file a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:29
Reported
2024-06-12 18:31
Platform
win7-20240220-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a5856e6c3e7394abe4e4373eba7f9e700000000020000000000106600000001000020000000484c3f3c7e36f3f52b8b0e6d009da2f67d5c91809ceb3eefb2356d5a0d8b38c2000000000e8000000002000020000000dd8840a942edd5d913f62835bb563d7c23a069353f9cfec232233372f8d0ea9e2000000003e3864bc11a0462eb0ff865580830bcf76eb262a2a2b278d2239f7d1d74271840000000ae75f73f1005577a71e019973b23f62b76a10cebfa26476b513d6a0ec056d5ae623587fc677d70ebbe9b23ada1e78e004fd512b74455fd5211a8caad23ad0d2e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f096fe7bf6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6D606B1-28E9-11EF-B73D-E693E3B3207D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2156 wrote to memory of 2608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2156 wrote to memory of 2608 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | ihealthtravel.com | udp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 192.0.73.2:80 | 2.gravatar.com | tcp |
| US | 192.0.73.2:80 | 2.gravatar.com | tcp |
| US | 192.0.73.2:443 | 2.gravatar.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarFB1.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8fd808b3d9a2aa39ce3b88cbd0ba1f18 |
| SHA1 | de7f41da1174af7c9ae28636e0d725c586330f74 |
| SHA256 | c91282d0a20ee256cb6498e01bc255b17c6419bf5ee2b9657cbee915ff8cfe6d |
| SHA512 | 0123d194d29f1259b18dfc7f454482973f5ffcad5bf166a39b00eee574d64af9a55a87c6167864becade07740f4fbf10ce5800c38c066d6bacd1ac1e5c15d7d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3df7200348246fb182093233d342816 |
| SHA1 | cb0545226b1c78ca4ee4fb89dc725a92f8e9a023 |
| SHA256 | fe2232038c0930bd433207e2df9c7efb49a4ff8d86ffe88f4407921fde7f74dd |
| SHA512 | d76e72a429ebcf13aed4672cdf6e06a471887d056a5caa54fcf56a046eba9ca89274d5d79afad10f1ab8205966cbf83bd2c58e9492f7454ee7de05a34081df61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b598c539858f954aaf5a3b49dc21438 |
| SHA1 | a72204d52c08b8c18dfed018a809b6b11c9dfd89 |
| SHA256 | 3167c5329bd63afc295ced244030a9630d08a58df4f5a797b64d3dcd7b2e25e8 |
| SHA512 | dbd4461f170df863a545655c396c3637fe28db05ef14faaaffa7393f1222551adc946ec6052d3d894a331360c03ba13bc24ff5629201b4cabd3fcb44502231b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 312d82a25b6d3c702d39930e32de1584 |
| SHA1 | 2b2036812629f32169d5de54a00f44bfa633534b |
| SHA256 | ce3f730058b1d62f260c31d39ea6290d2ff33b9d5273845e2a0305dd52be2736 |
| SHA512 | 29528450f016af8fc81f43c6af4323aedb43dbf315c0784a71c9174d2c7dc145e342fe041b310274453411e1e7339bbd82b47e25aa0603a76a937029bf727844 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80528e7bd203507bb29a1b8b34e90394 |
| SHA1 | 031d7cc7cf3de28ed2b5f719db2d88f486ecccd4 |
| SHA256 | 40d25c3ae30e1e753a60986af189abf5e7f5d13e941fc26564cdef7c6d9f2371 |
| SHA512 | d2bfb171bd18ef4b2519bc40cfcded2ed87823fc414a14f0b1e3f33d37818b3bdc8a860a04224ba4f7b34ce8169d847dc959b9d939f7d19cea1b0241a13224ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da73a821d01a8557d41d0a979edec7aa |
| SHA1 | 56420700e943861fc3d3083e33c9b9ba5e1989ca |
| SHA256 | 70338fb36673fab475c9969c53bd8fbbd9257d7ce87ddce849359da5c23ba117 |
| SHA512 | e57d86838489b62d3d54ee7234d564362ee6ce27e7b4444b41d931c2dd5f6f0de4dac2ebc671d08519645d5a2d5be69dc9f086d0b7fc040c718963919fc40496 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24b43a7d811be205aff52376a8abc1a5 |
| SHA1 | 904fced2c4f3e0da75e0c600dd4f4f42bf84b9f0 |
| SHA256 | ae34431a068dbe66dfa1e146a0623346c7a6ad2893e3462f263ad8d6ad367833 |
| SHA512 | 6b4086e5726137b29b9a26c14f315d5f3baccab64acab1748690d8641792ce2b2f505059b698f8c2b686b3faa626a02b57d0d585b38ecb55aa7de34ff873a2b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2fbc2b071cc8cbcd7948a32ef869d4b |
| SHA1 | be9ec2e12ddd2ce9419cc72a00dadaf92ae570f8 |
| SHA256 | 53f64d39841f00ca76fdf1249f11a4b1461a4a45df414f1fbcfa671c9d4882dd |
| SHA512 | f0605626fb1274831808658c554483968365b495b001ab9c4512d0f2f5f963fb5c65c84d10301128e57340aa5a056130a6bf6a4ddec4eba0d9f7fb3745d8ad14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12fc2237e6b9b24037f8a368cc4c5e0e |
| SHA1 | dd8bdda066bb1cb8ba2c7e4b142ea6c5f6912c39 |
| SHA256 | 90aa3a38938958e900a9eef1b0962f096e5d1556ac009333900ca0535b50e515 |
| SHA512 | 861cfc1caf056c72bac9a0764a2fb0e7df9ca3981eb41545f1bfe115a6d143ffa21b2d5601b887922d0d32849ba6dee2830b46afdeda72441ffb63e309740a3f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b315d17b8ac927d61a520ad855cbfb99 |
| SHA1 | 0a2282cbdacbee7f9f02262739452c78ebe8e035 |
| SHA256 | 87246757c4b29a7924f2eeaacae41c776d7ddd9c48ecbf0c2ba08c973c1e9a98 |
| SHA512 | cfb2a6e9f4c35800e87aa551bd264ceb3ec73a98a4c2b199b91da957a77b948abda5e406ae40aebd66a5729ceb2fdb01d03b77abcbb01d2d11874f70a8778a9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44e2a3348b661ffb396632f4b469cd19 |
| SHA1 | 76c9a9149dedfa9743ec2464e03714251806a6dd |
| SHA256 | b49571422f74e7aa6f00934665f598feae5a956ff18c21f4d484272e18bed147 |
| SHA512 | f7dbd14b06ae06cf2c22df11947a714e0989e12af691c243f579f368c633dd4db2f74c116a04da684eddd5826035765c336aca8b7a28c7a5b68e28d4acf2b97a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 446975464d6232d99f24b44d35412b92 |
| SHA1 | 64f8426a45c7eaa983e926459085b69661e1e629 |
| SHA256 | bf65fe4937eafe1df2a57e688a1475ca891669917e796850ec257eee384eee48 |
| SHA512 | 3a8c47cb86c9c61249464ce5aea35a37d727e8db4e954cb8257149e6e7162e6c357b37f3941445ae4c53de97bdb7a9167a4da3eeb653ad911a726bad9e73d674 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6a5d19bde172dee77e161ce9902aaac |
| SHA1 | 7553c10d7a8df2e1b3fdaf18f62a4156adb0d7ef |
| SHA256 | 39fa32bf25b5e16f9d516b808ea8f658ee2a0452c9f76689dca42579fa8ea220 |
| SHA512 | 1765169fa33679cb5711e7a284787bcbb89d6f4c90d4d0f520a4f24a032db386834489e41abadd2a0fce953eb81a925c5b7b4876a99cbfc22b56b499d0683ee7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01a02bcd9e954eb1900ff3f3e3e10e4a |
| SHA1 | baaffea0049619b267c7179a270e20f313e193f8 |
| SHA256 | f5d26c316c2b0616ff6d0f7033ebc9b05e9935436032245b84ab19e78307d1d5 |
| SHA512 | 9a5e2befaab86b394bfcc7bffd3ef6a31ffbd8469a6f8985e3747caf2407c1001e5789fd7bab031806dee4a89628c45e996973576189f39def1bfc27db56d18e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99154a66285c3e517dad6623325a2fc5 |
| SHA1 | d37b067027865197500ed5f9389ce048ef975365 |
| SHA256 | 0d0be28302528e5441ecc46eac22daf7efeaeec49198d58447e32561d99d2d03 |
| SHA512 | 04608afec16222bbdb4d3e2f6183e6cc40a862e3d0d474041aa22c4b7878f73c33a5e6ac17072627046d6c4a57b4cabc787ab0685cf47bcc7922f88cc7fe9100 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e067e0a995d4393028ecd0c8d58ede3c |
| SHA1 | 8f6e65394d4fcd18a73b5ca8d5e579e73db6d71e |
| SHA256 | a6dc8950300a364e44801458fc152a25c60ed1cdcbaaecf47577bae6176f2686 |
| SHA512 | 677a33cf4e7736dc8f3d23748fa733d04cc9ab5e18427a1883eb56a1bd0910dd50332336af125821734ee056262cbaf73377fc4f26952d9ccb7cd1780f111275 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 3764ace9f57570463d0f8a9c476ac94c |
| SHA1 | 9008b333c00b38d315cbd45ec02915fa38d4ac5b |
| SHA256 | e8d8e812cee55ab8b02929bd0174e3e77c3404e199e03f8eea967f0adfbf76c0 |
| SHA512 | 94472722bba3e8097c793b7d5105f027f19b24e0d76d12b5e2a40ceb2b0a43bc584165041acd103a419aa6c09d36d42aa1a2c747efca1e32d0a88900c8c925bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83f9e8df41901acd11e20949fc2ed586 |
| SHA1 | 4289b203c0932c97816f543e38412ce3ead8ffdb |
| SHA256 | 045bfeaeed1e1aa3fb97cecfa18b43ec07a04beb5ebb25f5a527da54206190b0 |
| SHA512 | 77f1640b9f33e77b711c40ac65af01fdc125657e80cca559ff01fbe173dcb18dcc4b72a21f502410637c6de91789d28399a08bdfa8ae4c027247dce8c5fb6b5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e6a5360b957b51aebb3f571e172db6b |
| SHA1 | abc716dae1d185a345e46da8f37cc03c3bb130c4 |
| SHA256 | 7a85d873d54c4ccbce7caf69f96d825c844496d8fdc10004bcb81ac47eac67a0 |
| SHA512 | 3fc43ab9646b49add769327d1e92df11e475b59fad2d146cc53cd488bb9429c8b2906e5d1e7739a170589455229da2f9f6549d609a64b309c4707b2ae7293dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0660bc56aef0485d6fc0624188d1e34 |
| SHA1 | c1d0b7f2c483ca270812e9892451504f486f9a25 |
| SHA256 | 854d5c87bf72678cb9f269e50c8fad9819da0a043ee359d30530301b96694e3d |
| SHA512 | 34c5d82c568b8be26d7d3f9230bfa7e7880aad4ddb88f700f71f89475f7baaf774ddc0fa9e99a2fecb4730fe290b3fbdae0053cd0c76e5f61aa9da54ab057c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 511e0d5e4ac6f22b9a42bcd322ef3547 |
| SHA1 | 349ed5a6f1dc6f27dd68428f92f187e68985df44 |
| SHA256 | 9472b0d38db875bfb345cbade0b8fe8fae62076142958fa164ad827f66122ef4 |
| SHA512 | ba36313d4a3a496acdc75c258ff36cf3d964180abcaa56784e9cb44db2d7d28ca4910405264b022d9cf648acb2373f0e32da6c6d5aa9802dbaee8d194fd06659 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:29
Reported
2024-06-12 18:31
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
129s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4228,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5412,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1032,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5784,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1316,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ihealthtravel.com | udp |
| US | 8.8.8.8:53 | ihealthtravel.com | udp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | schweizer.com.ar | udp |
| US | 8.8.8.8:53 | schweizer.com.ar | udp |
| US | 192.0.73.2:80 | 2.gravatar.com | tcp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 8.8.8.8:53 | 2.gravatar.com | udp |
| US | 192.0.73.2:443 | 2.gravatar.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| AR | 200.58.111.44:80 | schweizer.com.ar | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| US | 8.8.8.8:53 | 17.79.187.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| AR | 200.58.111.44:80 | schweizer.com.ar | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| BE | 88.221.83.210:443 | www.bing.com | tcp |
| FR | 37.187.79.17:80 | ihealthtravel.com | tcp |
| US | 8.8.8.8:53 | schweizer.com.ar | udp |
| US | 8.8.8.8:53 | schweizer.com.ar | udp |
| AR | 200.58.111.44:443 | schweizer.com.ar | tcp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.111.58.200.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.83.221.88.in-addr.arpa | udp |
| AR | 200.58.111.44:443 | schweizer.com.ar | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| BE | 2.17.107.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 195.197.17.2.in-addr.arpa | udp |
| BE | 88.221.83.241:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 241.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |