Analysis Overview
SHA256
e1d25b597d94a60531b7d97a8198d0bf4ef28820ee100d0c7b9666b9b1b5e2a0
Threat Level: No (potentially) malicious behavior was detected
The file a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:19
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win7-20240221-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2332BC31-28F9-11EF-91A4-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c7f92e61d6f7e439559a7856234f412000000000200000000001066000000010000200000009f03e69253b41d110490af6ab4bd977f7849a8ab32a7c1bbafabcb11b2408921000000000e8000000002000020000000c3cb208d37bc08c852c1b7a1e6a0997134852d24fe42187e763b9c3245affec2200000005164585cba287126b011cebae55686460031ae8b2c0b3af94da202fad3d3f1f64000000020b2cae52f5dd30be19277df7d15187183f152660082b9f585775b60585c0eb845f552c521d03d2fd75bf9df9f59da27198bf972ca8163be00fff527e66e6b2d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3069d4f705bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385465" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2944 wrote to memory of 1252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2944 wrote to memory of 1252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:19
Reported
2024-06-12 20:22
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
137s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1428,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=4908,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3832,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5372,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3840,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
Network