Analysis Overview
SHA256
5f9d9fc1712a28d00544ac4060733ede94be7e4b1d312fb3cf82c60a326ff5ad
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a6aa97dec2da85ee7b2124282b77fa51_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:33
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:33
Reported
2024-06-13 21:35
Platform
win7-20240611-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fd6bb46dccd72db62f1fc8b98f0aafcc54972887b539fc8b349cc14dd98c5b20000000000e800000000200002000000064253833164a6feb55cae08445ff9b86383b30a29bb7a9d3008c791cce2d52462000000079ee989e54117c7ad367910d66b32674b92622b5da4e442b39607d51c6b459c5400000002013a1f2bb2de5531ad0ccb20abc93f4eb7fa52c7c458934afd42be060f867617567d9790dd0556bc429d9cb7e3e16cf64d6806e8c0822345d1f0672d9d4d44f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6099d75bd9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476256" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85FA20A1-29CC-11EF-917B-C299D158824A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2440 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2440 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6aa97dec2da85ee7b2124282b77fa51_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | trangtainhac.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | image.mp3.zdn.vn | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.21.37.103:80 | trangtainhac.net | tcp |
| US | 104.21.37.103:80 | trangtainhac.net | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 104.21.37.103:443 | trangtainhac.net | tcp |
| US | 104.21.37.103:443 | trangtainhac.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| SE | 92.123.135.91:80 | image.mp3.zdn.vn | tcp |
| SE | 92.123.135.91:80 | image.mp3.zdn.vn | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:33
Reported
2024-06-13 21:35
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6aa97dec2da85ee7b2124282b77fa51_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3824,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3828,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4428,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5424,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5520,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5988,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7144,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5868,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | trangtainhac.net | udp |
| US | 8.8.8.8:53 | trangtainhac.net | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | image.mp3.zdn.vn | udp |
| US | 8.8.8.8:53 | image.mp3.zdn.vn | udp |
| GB | 172.217.169.10:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | trangtainhac.net | udp |
| US | 8.8.8.8:53 | trangtainhac.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 172.67.207.21:443 | trangtainhac.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| SE | 92.123.135.77:80 | image.mp3.zdn.vn | tcp |
| SE | 92.123.135.77:80 | image.mp3.zdn.vn | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| GB | 142.250.200.34:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.207.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| GB | 172.217.16.226:139 | pagead2.googlesyndication.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 172.67.207.21:443 | trangtainhac.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.75:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |