Analysis Overview
SHA256
153d5d645498c80019342183e78f6a54d764d4de613b995d49718438edcd632a
Threat Level: No (potentially) malicious behavior was detected
Analysis of the file a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118 found no (potentially) malicious behavior.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:19
Reported
2024-06-12 18:21
Platform
win7-20240611-en
Max time kernel
136s
Max time network
123s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A017561-28E8-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ea5bf29a29c369042b336fde6bbdae5ddaf283e163438ac50c7683722c9eb7b5000000000e8000000002000020000000bb7c39b1b67775955048d9179ee8655ef11309be10f7d2c6410b1e3fc1127eb720000000129cc648d4e432c1d46994bb73edbd09719cca7b45f478a29e0f81e76614088e400000000c7aafbb2f1402d1010c12186f8a3baa36144515ad3ae72a392089d60512c6398c1dedd174d4262d6172a67ac906a490531b2718e1edbacf7a02ec511f2658a7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378230" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d29e5df5bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2860 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2860 wrote to memory of 2548 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5A90.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5B20.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acccbce62436232077fdb2c02c7c34ed |
| SHA1 | 1e5d9c95da3d7170f3782029290b37b37aad91db |
| SHA256 | 62888d94d6223c5f1c6314af135b70c4df3a2721dbb11c738689f1ef805d9d79 |
| SHA512 | ebbb707389197ff4dcd057d238ffa3528aab7fccfa893ce2ea540ab42b05e8f76bc7bc6790bdbe883680fc13167d68487a1b64af064b1ed2e8f635994708a08a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50f904be2154c24a35eb226e4b442de9 |
| SHA1 | ccc0e946a0a1ac278600c996d3c63436121309b8 |
| SHA256 | 14b803872988d001b52d5e1fb7274bb967d3583ac4ed7fe137dd939c9fcf7738 |
| SHA512 | 5edc7de46b5a3e3694aff8efb90f3db7c06a97352c3c8a2b3e0b783fc9913ab5bfd9c39f4ecc5cc2c6f987f715589560c45fe9ab12588788827da2731308db3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 730db1131eccdfd04d17023536fb0e02 |
| SHA1 | d574cb001c9a1e5426d84addef9604b58f14fe03 |
| SHA256 | b5d9c7ac72c77030edf433065b66c2618640831d5eaaca17b473953b6ae360d1 |
| SHA512 | 99216849f80fc727a02794992fc9d89adc75b8665121a4da5e303044ff319c153a963558e4cbe19642ae0d79a646fa4f718d44e17fabeb300759634c0385dd0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e4190d5de192419bdf933fc440f9e64 |
| SHA1 | 82c4f98825b9ac15f8203938cb36cfd049a176b7 |
| SHA256 | 3df193a185be6cb1595ab9595990d2445cf6c1a7c9d291ab8e4824a7cb55a511 |
| SHA512 | 1d9adfc7070919baf5fc1cb3fd3b085949e7bb33352260f8ef1fc2d16f8cd4b6b0f09c75156dce9fe3f28dede18b08c3894ad32bfae933653ba23ef2d0b0ea9a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ae7551f846d5ab15fc6b3564ed4fe18 |
| SHA1 | 4da7d41b0341f8b0df795ddea8783beee8604931 |
| SHA256 | 25be5b820ed7e7f4254b98fee48442b3d89ea3fb186892303cba4de251568adf |
| SHA512 | aed665411488cfcacf95ece5b58b5c2b415255e33d912cbbee645c31517c0c7aea64dee324264e9b4ebf1c83340b258213a2940017abfcfad1775cf4769dd359 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b84d770c30d465be55e198eadbfcd86d |
| SHA1 | ccd4a4310284fd667202c474bf4e76833bbb1f70 |
| SHA256 | c62307f5748c67fbee8c506a18a004ff6b3ac6ab293001e412b67862793be118 |
| SHA512 | ca848c54af6badcfba1b7e50abd84649974a4209bc381e1f975f55ad8b6c32e38d8a0d17d9a53a09deee5115e0f4bdeb67b837683d4eae89ebf96ae72e4e4205 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9bac77206e0a9815b707b1377ac32f1 |
| SHA1 | 001248a6b83196651ad66a946c27d3b95dfa784e |
| SHA256 | d23bbeb5e721d3267759d41cbee6ff45c8d47ea62ead73fa3d03cfc4d7fdb6cf |
| SHA512 | eca00a95a17b4368119760eb8acd1e11b2832fa2bd72ace6b0c7c0accf11e337ca75a610c9ced77ce0ef17cac59389b82d06966d068c16517d18af190ae91cca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45f16c4b52bb95284a69427bdb30df14 |
| SHA1 | b1b920b6751951959705eb7d2fdfc224ae87f91e |
| SHA256 | 39ce1a1ae94ab293530b89b6c19ac09bfc9c60c36386db5bbd526dbdc16fd58a |
| SHA512 | ea68939a006e19b43183071dfc735ec721f841b46c8ac92b69450e7be1c37c2a4106655cae26ca1200fe348753eff7da812f2644b4f87bbe3cb82252042fcf3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7baadddcfa53554c9a51e819de6fcd95 |
| SHA1 | 3f678ffe60e88c9f4d3b6e52771b0a683cf213fb |
| SHA256 | d140ccd9d0caab99b88e5dc8ef9cc0eaced923ba386519f54e604feb2c946b59 |
| SHA512 | aab1d45588e5d384dd237410729cfd7bce00385b6e70344d8bb9d2aac0807d098b01ec44f15b4a2e28d65c594ce0bf2faf1bc4c59ef45bb89bda8544ab88e8a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97cd66cc957c7c87423adad27b260997 |
| SHA1 | f75bc8792400cd8d6d904b4dce0004827af9a1b0 |
| SHA256 | 8f87191527fbb6243cbf67bc67d82f14ecbaa8a33e9f7350a18a7e026e7aab75 |
| SHA512 | 73a469122f1311757e6e1fa6c804b379d3531e09fa00352dd637d821520f963bacb91c4cc7584b7e28bfae37615081cebe8b7b1c7b9901a8b558560681644168 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e0f96e434a745acf40d505033f1504e |
| SHA1 | ca2862ecf4c246bcec70c052706b4df09f17c0db |
| SHA256 | bc73742f9b4767ec0bbd98228adf4c06f7ebd07d165489b57f8e1b6ee41b8c82 |
| SHA512 | 81c0cafaeb5b7ac2dd5ceb1d1d41a70463a1b2349bfe8ceed9b0937472731bca19056fd0f8aae9dc049d301f8eb083b992c007d0fadf1ee6cadecdbd0bf6ffa0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce078039983c35b4096899577be0cf66 |
| SHA1 | 367a09767b90a09247b4e586b97712f5855b6433 |
| SHA256 | 0d0d7615feea7fea9ec4b5601d01036b975436d0b0bbefd00420a09b905ccfa6 |
| SHA512 | ff05659e3c8fd69a1acaf9e040f615882949e544068d3b0eb25690b1d924223b06e85bfecadf052d1e9c41daa63d34bc87afe7c260967260fcf77adf35bb8177 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ad065614e2aa92bf5e40574c75833cc7 |
| SHA1 | 89d6d11609886f85900700e1428e5e311cad25b5 |
| SHA256 | 38d65eb7f6d0315420bcc4e8ff15dadb749cad9457a99ecefdd12419055b7780 |
| SHA512 | c74dba5cff0ad83f8263184785bc971ab5c9f5aae1739a8cab3c38313e5477a275adb50ee773ef9a20d23114ec96112eb52ed6b52c86bc86f6fb40d2f2552576 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fddc24ff7ee919b765db2a2bdca11b92 |
| SHA1 | 83ca04237b7ef5ae368f4165559509f66cecda5f |
| SHA256 | d64e4792ff110ce3d1eeee83465be8806a8eb70c5aa99f0b7ae86608ac3fc35d |
| SHA512 | e048062dcaafa502690813f06049e2f3cecbfe78270f5c8aa06777f7d861f43f04fc0e970dc4623da5c0464acbb84b8c09c242379f01f45282a1cee80b3b6004 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a352f5348d2511ea3a12ed56a300b68 |
| SHA1 | 8706224b5f184fb37d7d01da77c84b322f9b1a8d |
| SHA256 | a6a8f0fd9bc10e9743d0ad03db190686b275582ba52826aadd68549af61f0fc0 |
| SHA512 | 439f3784e43ba2e4c2f381aab65ef262f169de01096c2180c24189ee738a364b299eaaee7d5fa2666534ae801e5082b3ca42da75a6784a26c0c50593a37025b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54b9b37a8b8bcd26f54b66f30f2cf1b2 |
| SHA1 | 8cf2e90535e982fcbd87a33a616cc9439fba58a8 |
| SHA256 | 08bbacfc333ee11720d45b1eed54cb6476bc7bf863b7a33ca660beec0b2ce653 |
| SHA512 | 7f9a7f275803c106a3daf7cf6e1fa2ebd5c93c1be376a61b2cf69761fb3cb33d9a62e81cff00ae5ee20e6b10c92d27cdd9ec0c1f84b3feb2bd9178265b2ad657 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0008e623e75d5de367ffbcc5646b07e6 |
| SHA1 | 68b68b2b682ec64341cc71aec5bd778348431d63 |
| SHA256 | 0d7cf46041e6eab0e67f2a99d2994c69e66e4a65a95e4694d3444cd5e9872251 |
| SHA512 | 23912134ad03cb626bd22dfc781ca8f56036806c9eebc57f595984d047da10c6084e35acb6e95aed562a9236c0bb005c984fec367ad7b9b3592c5a5d4c6824b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffca653c87cb5b14224ca2f2f760827d |
| SHA1 | 9f8ad860ef1904555422b87ba2b6432d348ae2f0 |
| SHA256 | ee3c1e091f559c6ea726af0f8d8fbab9ea3347fab1c07fcc750d55a2beec6952 |
| SHA512 | 402a57878c22684db46afa91846cf6a16b886bf0ca4570367b14c79d6174ae936c4a5090946a168f4990bb54c641408c03bf69bd4618841712b510b27c1c3929 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:19
Reported
2024-06-12 18:21
Platform
win10v2004-20240508-en
Max time kernel
138s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3988,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4320,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=2680,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5404,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5412,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5904,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5744,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | a7tqe.cn | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |