Analysis Overview
SHA256
93e830ab6cec8b2655f9769ea4d7cb1dabacdeda93d10df563545014156d6d22
Threat Level: No (potentially) malicious behavior was detected
The sample a22da812095c8ab36c91f6263778919a_JaffaCakes118 is an .html file (see the command lines under Processes below). None of the signatures it triggered raised the threat level; the entries under Malicious Activity Summary are the signatures that fired, not a malicious verdict.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 20:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:22
Platform
win7-20240611-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000f54bd65c200c6e245a9ea3e39a44c999ca8e9fb34b65b94f6115dd53161c2487000000000e8000000002000020000000beb89e2dcedbc7008b5fc02cd8dc7196b2992c87ede51f4f3dd76a79a9a18a9020000000a99a14b7af89524691c73b4c374876cc271291bcc207ce42576dcc74d97fbe6a400000007d6b2459a11bb4f8c73018439fb5d63e4dead4228d8f85f80aca72f1fa1a691dd4bcb8e355c19ab7cd7aa028dd2ec77b465734a42a1ab4dff2c167a6b4d19fe0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09db70a06bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385495" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34FEEB01-28F9-11EF-B9DB-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1936 wrote to memory of 2828 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2828 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2828 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1936 wrote to memory of 2828 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d78b523b9047f7dddd276e38d3b3709a |
| SHA1 | f4371add67a5b5565897384c60745ad40fdfae1b |
| SHA256 | 3218a4346360594a0831ff9383529711885c85b88bd5114999334005e1b6e582 |
| SHA512 | 431fd5bd3340df3561c5bb6d16e9179d8ab761e3532204887ad6f3a0b66d961ead732f18fdc7a7e7d4620282b8f5238114cf0c18b86ddca1efbd6250fd6a9bfe |
C:\Users\Admin\AppData\Local\Temp\Cab2B55.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2BF8.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f1132cf36de34785ff75b82f805df64b |
| SHA1 | 148de7e22fb72064e0f4404205b2e83b47032697 |
| SHA256 | 8bf6a874829268e128c0423513d7349376e70477195324258f08cee51a5633d3 |
| SHA512 | e2a46dc26f77a2777afcbc67d0b86144f5ddffadb88c097139e4e1b95b1552ccf8bbd73187385b7bacafb4bf24e67fbaca9412b8fd4ea3133b17309c6df459c3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17bab072dd4b3be3694254d509f2a8fa |
| SHA1 | 2d7ca0a77f9d120d9268b9d39dcc3aef2cd20413 |
| SHA256 | 860134a6a57faf462abade768600eedec9e2ee2393e67d7006a1b01f1c12545c |
| SHA512 | 24514cf4aa0d7b50d51f113db3f8b6c735a498b3181b688f315a22f7388cfad581118c4a4fea895074f663c4015ce668dbc5c9b3564a53480e9efdcaa64d6c1f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e171c51755234b9659f149c6077fdc23 |
| SHA1 | 352dc6d3ef06d22b1d79890c93971fa5c13ee322 |
| SHA256 | 3a319076691800b3f468015948833f9356a8abf7e43d5d013fd633d6e499fe3e |
| SHA512 | 84d28708c2905750ad1479549b490a520c6a299399424232e86528659754d6e2933b0f179b81e99eb9e61710f48bc8aef0ba4ffe7a2facba36601663aed1fe39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0a54429edc8dbfda86ed67389751694b |
| SHA1 | ee2e66a09a1ab8161448482150bbaaadec1b2fff |
| SHA256 | 87904313ae9ee311520d59ed7126f43bacd31d3cf064a99b01589baaffe09efd |
| SHA512 | 807a3959eef745b0ba8f462faa6402fa7f1bad58143a08b4516658ede9d7ff196f0dd53f40b83e7e838f18adf3edc1ecd554533a4908e6f5d8ace017c3c8deeb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c06b3294f8e7035144ed706ea6b3ab2f |
| SHA1 | 1267d5d6e833fd5b6a373e11ee14eb75fad0f2f6 |
| SHA256 | f2dfedb41fcc13d35877c67adabe2c953c5a7073ff7a3fd91f03941ed424f863 |
| SHA512 | 82b94fd1b426c023f8a00d295ed584ddbcec1b2a643d41e24a2ca622869d596ae5a2fc5c2efd10df65c448ad86e0a2df02ac81a2ee06e5a214b15f7979a0ecf8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 569c500d68df3a413db8d61be464df9e |
| SHA1 | a6456a24f2471787d2662c055d5afa30ac6ed5c1 |
| SHA256 | b4afcd751e072f20b8c72416f4e5db181ec337bc88741462434c3ebd16984715 |
| SHA512 | a75350bdfb6ada50e00e593cc3a638cfcf7b0ef5ac871dfded079b1522f543959e7a765aa48a3c9875821e25bfeecbaca390ff57aab1da23da7ae2b488aee224 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4702795f54a72f94f50fd923e6c7c957 |
| SHA1 | 3f6af0ccde85dcc600f752436422f3017f8bb617 |
| SHA256 | 4f865145c16b605e39ef24b54d250a85490c9b96d8798641c6a17ad65e159bfb |
| SHA512 | 17444d5bb66b21336fe1fc97b53855871e20397e2ae2320438bd5b26a02d5b68e3195dce585b9419236a48f6f1751782e118e2132d57b86c83643126dc9253f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f496fa6cbf4749dc3a7497bd29157b5 |
| SHA1 | 89398a50bf77fc60386a80fd19ee90e0f56588eb |
| SHA256 | 71bd64246cfed91668afc9dadc66ea647590542ddfa01149a07ee2efb7648bfd |
| SHA512 | c9f35594eaacf767c75b569ae38451d667cdd24ea6ea6bac4e68e720b550accbcfc025b778c7f22fc57b7eb9b7c62301c3dc57a6f0dab8f54d928a3c2a6adb0e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfa20ccb65802ece69a7ee6fac7ca2d2 |
| SHA1 | 891a1bbe5acba86683b06f324e2db4acc47219c3 |
| SHA256 | 34b4e6553231ab45c4d7f29907d069e0578485e3b868b316a10bf5ffb8c37a76 |
| SHA512 | 7cc5b70e83198a74dd9e26f88c318d5b02d26823bb666c9636c2ed9cb598f8b7cc3f4ae0447b87e452c6bb4b63b0644767b25b88f9f34dba042799f7608b793c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63df48752f1815879bbeaa843da031b0 |
| SHA1 | 0e1180e99194957ae95477bbf92d263f2c18e711 |
| SHA256 | e22bb91bc29804ef3da2d150a41a3188d10f14fe48606a8d87438c63713cb67b |
| SHA512 | 65ca0d845cccae8ee8f98546a88229fdbbd8059c9f7321e0c580d13c0bdb76ac6022fdb4f9038e9da5a7d8aab1cd35b49628466dd06e142ccfe63b2a569a2962 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b43ae994cc5acb1b0e88c4d2e00ba63a |
| SHA1 | e36710daf4c585a02f47b30e9a13227b34e5fbc9 |
| SHA256 | 6e5c43b45307c308c80366d2b99a7d7fee6b9a09b52431ca3b3a8b66a787a60b |
| SHA512 | 04932fecd0ae37a18c01dad34199d984f4fa4785fbfd4590fd59b8a9f78f00e014889f05b41f0111b166172a07fe6a7ab4920711fa2f8eb6fef0e3984586b7d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4709c159f55cc9c3cde486337cf9a60 |
| SHA1 | 37eaa872c900676e57acba06bdc9eff5f131c1d4 |
| SHA256 | 2e5bb6e001b680bec9a66cc421b273e9c4fbe8c1f3cd4a5f259dd14145712b95 |
| SHA512 | af5776dc1830b8bee8e3ba5f782b91df256712731ff857c7fb8478ab916f87bbeac99429f0b9fb97c13295f3999a69ca231ae65c480d292629212b782df625bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ab059e289f07ee91d287c9b55e90f8c |
| SHA1 | 64a0e30ceb8f3f3d733629f888f63ca27521dd29 |
| SHA256 | c74f93f96c5356b4de4914f8399a7adebc39da5768f7239525b3beb02410366b |
| SHA512 | acdd7e074daae417a21fa6b2dac5f07e7b7f7bd0fbdade8a08549ae850eed58d46de3e41976fccd61f82e7b2cf14c32c84ed7162ad2f93ad8ab0c8bf37e71c4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b64d679c4e9421022b8aeb2397daa062 |
| SHA1 | cf8a905407703b100cd1e51cd645eea35aaa2949 |
| SHA256 | b6ee88ef96e5d825f92b2edafdd9b098fc7bc68bcdacd84fc4f563a96ef4d177 |
| SHA512 | 19f02009c125d73d4dfe22d7b06e2ba1889d597ce49af52243a6ab33b7f6532207e287763354d704db893dd8e5f72e7e65d09af0f21aa1b50f965883623160d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c29f01e7dbf9736ae954aeb6f60a3de |
| SHA1 | 78d75bce5163f4bb4e9b2b95be1ea9d7755811b9 |
| SHA256 | 36dcc8824e7761377c3f2c12e8fd605dbf637ebc06312e826122b16de1a78d39 |
| SHA512 | 2e2ffa10a64b63e259bead029caaccab1c1084afd5fa2dea97a02ca502b08142650861a9b3000c8e5ee78be394e168a3c79b1f853cb4d8152a0ce3a737b86018 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c863f689716c822cbf28d7017523178 |
| SHA1 | c1f9b01cd259bed0609fb3d7921fcf60b0e920b7 |
| SHA256 | 257bdee1f4d07f74a83c734d456f09be5c77b84b68d6aa876ef2819dd4665110 |
| SHA512 | 3860885716ece1e3fc2b38f263c84b0abb30f41cf047d1225bf5139213f744c0fa9f21205b0bdfc376ac90c358a068cf7cb04d2ba3a662154f94fa01bee29429 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6498b195ee9c165c87d52cb012614d7f |
| SHA1 | 3f43da6c1fc22bbd7e51d54746671fa1dff69364 |
| SHA256 | 8ae07d9141f38e52024b70770d9a6611df6e4f6e8898a483aa578ed142f57c34 |
| SHA512 | 1cb73b04d156c294377fa0374e08098acc5cf83850f85089c71d2a4deeefa26bb342b198baf62ab8f90edfbc779ceaef914e2cee54521337a9ef483228915056 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39f0f38d72dd41cee26c3d2543cac127 |
| SHA1 | 59acea05c79b0a02448ded4d9dfd22f3faf87483 |
| SHA256 | 11baacac8a88c9874edd1582eb3e3b015df28eaa2c50f771b4fb7a7ec78753af |
| SHA512 | 6ad944a2ae999dfc2890b5adf4ae4dde2fcac1d24c3acfe4f1221acd82a1491ab1d0e435f5852db6994d1ddf2ae72b45d068d92b9e66b1af873d499eafbc596c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b7dcfc0d46ecb4f44b46717068917c0 |
| SHA1 | 6ba70ba94b0124c89a90b8c3426289cb13299928 |
| SHA256 | 5b054fd861331246fe34aa2b4a37717aa33769f8a57be4586cea13e8e3f95731 |
| SHA512 | e85e3d304151e8f4f51604202bb1c3d63524e6d81de5f1662edc2c24a5e09f9956623527bcf1ceb316531d9e628189c0ae8abb026b02a21f5a8cc56d4ad8d83b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 20:20
Reported
2024-06-12 20:23
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
145s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1036,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4116,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=760,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5444,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6696,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6776,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5972,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
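Both network tables above mix browser and telemetry traffic (ieonline.microsoft.com, nav-edge.smartscreen.microsoft.com, bzib.nelreports.net, business.bing.com) with traffic the page itself caused, and the Windows 10 run repeats the same DNS lookups dozens of times. In the Windows 7 run, IE not only resolved coinhive.com but opened TLS connections to it while rendering a local .html file; coinhive.com was the domain of the Coinhive in-browser Monero mining service, which shut down in 2019, so that resolution points at a script reference in the page even though no signature fired. The following is an added example, not part of this report, that parses rows in the format of these two tables, collapses repeats, separates lookups from connections, and lists what is left after browser infrastructure is set aside. The rows are transcribed from the tables above (the behavioral1 table in full plus a few rows from behavioral2); the list of browser-infrastructure suffixes is an assumption for this example.

```python
import re
from collections import defaultdict

# Rows transcribed from the two network tables above: behavioral1 in full,
# then a few representative rows from behavioral2 (the last is the mDNS
# query the report lists with no domain). Constructed input for this example.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | real-estate-abroad.ru | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumption: domains the browsers contact regardless of page content.
BROWSER_INFRA_SUFFIXES = (
    "microsoft.com", "bing.com", "nelreports.net",
    "googleapis.com", "google.com", "in-addr.arpa",
)

ROW_RE = re.compile(r"^\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|\s*([^|]*?)\s*\|$")


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header or separator line
        country, dest, domain, proto = m.groups()
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": "" if domain == "N/A" else domain,
                     "proto": proto.lower()})
    return rows


def summarize(rows):
    """Per domain (or ip:port when no domain): DNS lookup count and endpoints reached."""
    summary = defaultdict(lambda: {"dns": 0, "endpoints": set()})
    for r in rows:
        key = r["domain"] or f"{r['ip']}:{r['port']}"
        if r["proto"] == "udp" and r["port"] == 53:
            summary[key]["dns"] += 1
        else:
            summary[key]["endpoints"].add(f"{r['ip']}:{r['port']}/{r['proto']}")
    return dict(summary)


def is_browser_infra(domain):
    return any(domain == s or domain.endswith("." + s) for s in BROWSER_INFRA_SUFFIXES)


def page_driven(summary):
    """What remains once browser infrastructure is removed, split by whether
    a connection was actually made or the name was only resolved."""
    out = {}
    for key, v in summary.items():
        if is_browser_infra(key):
            continue
        if key.startswith(("224.", "239.")):
            out[key] = "local-multicast"  # mDNS etc.: local discovery, not egress
        else:
            out[key] = "connected" if v["endpoints"] else "resolved-only"
    return out


if __name__ == "__main__":
    for name, status in sorted(page_driven(summarize(parse_rows(NETWORK_ROWS))).items()):
        print(f"{status:15} {name}")
```

Run against the full behavioral2 table, every row is a DNS lookup, so everything there comes back `resolved-only`; the Windows 7 run is the one that shows the page's third-party hosts actually being reached.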