Analysis Overview
SHA256
ce26bdff2198f2ea4f816c390d8d5d201c165973e2fc9ff715fbe934b9b3fde8
Threat Level: No (potentially) malicious behavior was detected
The file a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118 is an .html document (see the command lines below). The only signatures it triggered are low-severity heuristics that fire on Internet Explorer's own processes when any page is opened.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win7-20240611-en
Max time kernel
137s
Max time network
126s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30150489d9bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{751B47A1-29CC-11EF-AF9B-7E1039193522} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009ab3b650346a5826acb1d6a08f99948a4733d7e294e19c2a5ab396f3f3d20208000000000e80000000020000200000001c56ab149dc141d41ba3f57c88e4a38b045b1158b73484289e24f134ab706ec420000000af5f5025c8992df13b3886494953608db44869f15e87111f54b1c98fd21a1e6340000000d4f20ac2b12b559525288b43827409bc5cf47e03ca486200016391935ee78d0c67825d2c307797e7636896011298a80f18b4040e3cf7ce9aa99a2f231f9fb25f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476229" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
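Every key in the table above lives under the sandbox user's HKCU\Software\Microsoft\Internet Explorer tree and is written by iexplore.exe itself (BrowserEmulation, Recovery, TabbedBrowsing, Zoom and so on are IE's own per-user state), so the signature is describing the browser, not the page. The three binary values are still worth decoding, because they date the run and show what is and is not readable offline. The decoder below is an added example written for this page, not output or code from the sandbox: Window_Placement is a 44-byte WINDOWPLACEMENT structure, LastProcessed is a little-endian FILETIME, and DecayDateQueue begins with the DPAPI blob header (version 1 followed by provider GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}), so it is ciphertext that only the user's master key can open. The function name triage_registry_value and the assumption that the report's timestamps are UTC are mine; only the first 20 bytes of DecayDateQueue are reproduced, which is all the classification needs.

```python
import struct
from datetime import datetime, timedelta, timezone

# Values copied from the "Modifies Internet Explorer settings" table in this report.
WINDOW_PLACEMENT_HEX = "2c0000000200000003000000" + "ffffffff" * 4 + "2400000024000000aa04000089020000"
LAST_PROCESSED_HEX = "30150489d9bdda01"
# Only the first 20 bytes of the DecayDateQueue value; the rest is not needed to classify it.
DECAY_DATE_QUEUE_HEAD_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb"

# Every CryptProtectData (DPAPI) blob starts with dwVersion = 1 followed by the provider
# GUID {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}, whose first three fields are little-endian on disk.
DPAPI_BLOB_MAGIC = bytes.fromhex("01000000d08c9ddf0115d1118c7a00c04fc297eb")

SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_FLAGS = {0x1: "WPF_SETMINPOSITION", 0x2: "WPF_RESTORETOMAXIMIZED", 0x4: "WPF_ASYNCWINDOWPLACEMENT"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_window_placement(hex_blob: str) -> dict:
    """Unpack the 44-byte WINDOWPLACEMENT struct that IE stores under Main\\Window_Placement."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) != 44:
        raise ValueError(f"WINDOWPLACEMENT is 44 bytes, got {len(raw)}")
    # UINT length, flags, showCmd; POINT ptMinPosition, ptMaxPosition; RECT rcNormalPosition
    fields = struct.unpack("<3I8i", raw)
    length, flags, show_cmd = fields[:3]
    if length != 44:
        raise ValueError(f"length field {length} does not match the struct size")
    left, top, right, bottom = fields[7:11]
    return {
        "flags": flags,
        "flag_names": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SHOW_CMD.get(show_cmd, f"SW_{show_cmd}"),
        "min_position": fields[3:5],
        "max_position": fields[5:7],
        "normal_rect": (left, top, right, bottom),
        "size": (right - left, bottom - top),
    }


def filetime_to_datetime(hex_le: str) -> datetime:
    """Convert a little-endian FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def is_dpapi_blob(hex_blob: str) -> bool:
    """True when the value carries the DPAPI header, i.e. it is ciphertext bound to this user or machine."""
    return bytes.fromhex(hex_blob).startswith(DPAPI_BLOB_MAGIC)


def triage_registry_value(name: str, hex_value: str) -> str:
    """One-line analyst reading of a single 'Set value (data)' indicator (hypothetical helper)."""
    if is_dpapi_blob(hex_value):
        return f"{name}: DPAPI-protected blob; decrypt only with the user's master key, not offline"
    if name.endswith("Window_Placement"):
        wp = decode_window_placement(hex_value)
        return f"{name}: {wp['show_cmd']}, normal rect {wp['normal_rect']} ({wp['size'][0]}x{wp['size'][1]} px)"
    if name.endswith("LastProcessed"):
        return f"{name}: FILETIME {filetime_to_datetime(hex_value):%Y-%m-%d %H:%M:%S} UTC"
    return f"{name}: {len(hex_value) // 2} bytes, no decoder"


if __name__ == "__main__":
    print(triage_registry_value("Main\\Window_Placement", WINDOW_PLACEMENT_HEX))
    print(triage_registry_value("NewTabPage\\LastProcessed", LAST_PROCESSED_HEX))
    print(triage_registry_value("NewTabPage\\DecayDateQueue", DECAY_DATE_QUEUE_HEAD_HEX))
```

LastProcessed decodes to 2024-06-13 21:34:56 UTC, inside the 21:32 submitted / 21:35 reported window of behavioral1 if the report clock is UTC, which is the kind of cross-check that confirms a registry artifact belongs to the run being analysed and not to image preparation. Window_Placement decodes to a maximized window whose restore rectangle is (36, 36, 1194, 649), i.e. nothing hidden off-screen. The DPAPI check is the important negative result: values such as DecayDateQueue cannot be read from a copied hive without the user's DPAPI master key.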
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Note: both signatures are bare API-usage heuristics (no indicator is recorded) and every hit is on Internet Explorer's own frame and tab processes, which locate the taskbar window and install window hooks as part of normal UI work. They carry weight only when a process other than the browser appears in the Process column.
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2012 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2012 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2012 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2012 wrote to memory of 3040 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Note: PID 2012 is the 64-bit iexplore.exe frame process and PID 3040 is the 32-bit tab process it spawned; the child's command line carries SCODEF:2012, the frame PID, so these writes are IE's normal frame-to-tab process setup rather than injection into a foreign process. Treat WriteProcessMemory as suspicious when the target is not a child the writer created or is a process of a different product.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| CN | 159.138.20.15:443 | tb.53kf.com | tcp |
| CN | 159.138.20.15:443 | tb.53kf.com | tcp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| CN | 220.185.168.234:80 | s23.cnzz.com | tcp |
| CN | 220.185.168.234:80 | s23.cnzz.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| CN | 220.185.168.234:80 | s23.cnzz.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 14.215.183.79:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| CN | 111.45.3.198:443 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
| CN | 111.45.11.83:443 | hm.baidu.com | tcp |
Files
Note: no file below comes from the sample itself. CryptnetUrlCache\MetaData is CryptoAPI's cache of certificate data fetched over the network (CRL, OCSP and AIA retrievals) during validation of the HTTPS connections listed above, and the sandbox records every rewrite of that one path as a separate entry, hence the differing hashes for the same file name. The Cab*.tmp/Tar*.tmp pair in Temp is typically the staged and unpacked root-certificate update that the same validation path downloads. No executable or script was dropped.
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69ca2f5fbee0f5e379c950047c959dce |
| SHA1 | 57e46c9ba34138eab4fccdf8934cc432680c8471 |
| SHA256 | c39f5c755cb2cdbdfb813b6fa7e5edf9f551c99fb1d8f4e11fe457fb87701a26 |
| SHA512 | 8e9fbac25ba8d340984ade36be9a32aea251fec83df135a8dbdb825b8738b2617ca618c3635451ccdbf5b86b3e559815fb3ef9f2816012ed860dae203f8c23f2 |
C:\Users\Admin\AppData\Local\Temp\Tar5969.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\Cab5957.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86980b08afb26c9607fe8deb0d0e526e |
| SHA1 | 2da3d233970e5278a84d7152f95cef795901da1f |
| SHA256 | 8aad4c09fda9d6b51f5d8178f8e94b58f453270f0a86fbcd23815d5c601887d0 |
| SHA512 | f928bf3346b6d424e01badafce97227e296c8119f2b0a78298c4e156233487b50f040b366d415d731ef1aee9388d466969583b3706bcd4bcf1eed59d8bd5f17d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1414ad02064ae1722c86d7c6e069d3d7 |
| SHA1 | bbbf1ad5f6faafb0c6b3c8dc5235c1871bd90385 |
| SHA256 | baa59d181816ee6d3f6893c8688dc662f3bfdda8f46f8055543a8bb0fd9ea847 |
| SHA512 | cbb0ca5914438f8d622512d47ca305918996dbaa5e0003642849f7a411139329c050c0eb965b01c9ee2f8e30381d3ad6ee81a40f2d991f19c680726814b0ae25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5264804d69ed21a76418407b054a88e |
| SHA1 | 9ba11c8051fb4692bab32b2f0d1927ef75f55c27 |
| SHA256 | e751707b06456ddd633c9b11b1f03cb022f9cd90adf342435caab9f44ffa53e9 |
| SHA512 | 3ea04842f589790fe54542db102f79fafc4feb1813974eef5d491f864fc5d2e07776644f6938a0ad8a6c2135f268dbb3dcb78bcfcc6eb2f5ef60ca11dbf912d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30fa84390f7848ac8b49432d064e034c |
| SHA1 | 165255ad0e4a66f1aadcbecd0fec6fb9e3546419 |
| SHA256 | 2de843f6d43e0e78ae02ad9082e3c1abaefb705edb52099c0e872ecd30fc98ce |
| SHA512 | 6d52ecaa8a8f6d820a860da8a6ea3271ca1abf7a5e9b7f08025348259e884fdf14520f937e48e8651b76ea8c57b0212fba3b04b38d15668d44b5abaa7fb28405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9070f6479533374d929e457ebe83046 |
| SHA1 | 6398066ced02223e156d4014a5a5b129c04e8077 |
| SHA256 | 00f900ec02c472ab46a84c97562434ecf970dab5c24192884999e83a576a4c64 |
| SHA512 | bf24f9cbd8321ba99e0924fdde91bb63723e80baf629d10f43e9b37171274bed999cfd2d44e89349767a9f4b2dea19f20a45bb203263696cadaa658c62a67cd0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e2289cc94c609e54a4220ea7f31c6c97 |
| SHA1 | 354389a2915c7f3ddaf555b5aaa146c7ac2227a0 |
| SHA256 | 2bc6c003c79b4d081d31c2d5c518c26c1e6a1f3b06712b50cff2a828b364859e |
| SHA512 | 82c3ec53fa28965fd40587e05ddd04608a67610e5131d529933ae9e37506debac99dc97dee7e87478a6ee798910a1384e2bf78d209095aaee31f30ee1696bf36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 812905a8d0435249a36f444b2574a8e9 |
| SHA1 | ed93e9ca046d72a2966844423e9166d1e0c7f70c |
| SHA256 | 4638bce4619a16b2e1ca39be60c73eb9dda279e9cfc271087aef995629a4feb9 |
| SHA512 | 89023b84fad799c0bfd451a586995459fb5f3716acb196c8ba838bdcf4d69af543a72d4fff13401349101f82b3933a140c91eaff87de8340d56db886627ce242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d1359e5a437fd99fc4d356525d00ec5 |
| SHA1 | f0649295b8df4ccba2b384fc9fe356bc7c8b54c6 |
| SHA256 | d6f8497b28243feb23aeabdb4c5a7e46badb7678c8f780ff6aeedb3d5d85c608 |
| SHA512 | 2721a1a5ef8b971b77771e0667e508e23c02d441942ac9c287528955bcb0f543a9ef7c873ea9e58859b0b5d8f4c1f39c504905837e28c21c7d4a0680eee57908 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a51612254171be9c12ebbd980d3a8fc1 |
| SHA1 | 376ac5d7a34793186f23c549aa4845f4ddb5acfc |
| SHA256 | ab3defe8db5098baea38d63748b5bf11890f8c3c3a7093a53a74f1c3f65e81a2 |
| SHA512 | 39ede53645f6fae90a2b08e87de1db43a1870fc58946b30a52d6d6a353cbebb880539c5367ed82b02936b13d83915ef4f6759603971ce5a1ea82e1c8d720a8e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e75d9ba1497ce1709b93292c74ba023 |
| SHA1 | 84649ccc7caf6df0383807fe49f70ca21a768862 |
| SHA256 | 5377a183b5e0190908ec06f5d322047b7fba31cee00faf262ea064d40c071fa8 |
| SHA512 | 44227a658bc01540db0cab1828fd11101a787b3ea965600e0ae704f18e4dfd483b6591c3efafb68aa8494443e29c4f4fe588170a1ba8ca261ce5053d86cd9c4c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec5c2897da3754a56fa9e1ba93107b21 |
| SHA1 | e0c726d894be0dba8c0fec7ce06d98fce9cde75a |
| SHA256 | 4be2baa9303d32d00d5b4a6dd0eaca5b5d76afe15ae9634283603815857661db |
| SHA512 | bf6935eecb59dbacebe2dec5780afc07e3356facfaa635d3ae6be78622f236b4f03a184ec5501f5a690842091f2cc0cbf4bae84265f36958675719e29697fb44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 896b56be141af9b62f6ad7d4e6c1deb4 |
| SHA1 | c415f22250a9f2744cce1c271950b2602347d0de |
| SHA256 | cd83929dd78f9da0af7e17344064be09fc252bb542ed1db0dc3528fffa63112a |
| SHA512 | 7d63c07196de8a8b13d767ce5f65cd6a49c0c228d9a706cc1690fe64af70ed469990e5b7be65cafb1ff4f25f52e829e029ec6c908ad5d7992258b49c1b59367f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e5138ddf14101eef1d16299d8ee20d8 |
| SHA1 | c000598a0d3607ad68e04cfb21e4ce65cbda9a83 |
| SHA256 | d38cd27b809fa6ec7083d5df4cbda6ecbe4088d875a33871c04d496af6154582 |
| SHA512 | 2c08892ec399bd86c14703f0a059a6b78d72a1e106d5b6c47b2d59b0ea15d32aac348d27115242d1862b72c36ba72a8560ee88d3ec737e4310d0fecad3511910 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b1d07e5ad27bfabb85b41472cb0cc29 |
| SHA1 | 640cbfa493c1f36005220b4dad583a821fe1a807 |
| SHA256 | 16ad01eb961b1a19a5cd98f42ddb8f6326c5708ea360ddc84d022070655be979 |
| SHA512 | 979071ca832034bdea288bab88f104c5dea0e37746978156a635f147cb61f2a56f8e4c48ee349c0ed931161eae6bdd1ee1ee9cc310106e20a03c17c669d61ea9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 970211ddace9953cfabddc5bd1988162 |
| SHA1 | fc2abde250afcd99aa4ac3bfc360e82c06deb439 |
| SHA256 | 089c9c0459fa5bb3d436677a9f69e8572e2f85850e7db9418c92e40def3fb3f2 |
| SHA512 | 22101708c4b35056e9028fe22f2da804a9114e0e79c4054f8187e89e6cf8aa4a7810372e262a56caf8a532265190431d753974c8791f770b78a7f558feaa339d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cee533b101b2cb92bb35b678ab7020d8 |
| SHA1 | 7232f4ffbf0469beb5179b7ab6d39759dbe013f5 |
| SHA256 | 4e408af49ca6951939544e3026f80d517774cd0f1e76bdb6388640dea9d14e71 |
| SHA512 | 133c4a959cd2376e83b5e71a7fc4e15bb289bbc97dd149f72915bf867a8ff57cc90724d001cb373e26ddad0fd4b4805c7888add7c311e71a6c9c8e0d2beae6a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 843ba2ad002f48b5cc5488e921722eb2 |
| SHA1 | b79b383a1388949bcb3a419f5e7d9a3664d49a73 |
| SHA256 | a3f495266268ba02f871c6bd97896e5f75e15b5ac2f9bf2cf4de57326b11b31c |
| SHA512 | 5b7dc13a23b861e8f7f52a35de86344600ac4ed18a81f5b6d9985315c3b8e248a2461a4cefdfafcb7d47d8163638d26ad6f9a286e88c82af863bfa8934d19f56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d2c26cd9d900902d0c4e2ecd5b9d814c |
| SHA1 | 4fff34cdd3e32c696df1c53a38ffbdb2b7fcca10 |
| SHA256 | 71585b2b95bd34262248c733a52dda17e366e54ad1ceefb3e03fb894479e136c |
| SHA512 | a44dee3ceda4da28a9b358105fb1e5c32a482218eb73cadb3823b39dde0614e24890667fc7e8b26152241074dcc26f77f7607bfc53f814ecdc72b2bb05bc7eb4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:32
Reported
2024-06-13 21:35
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Signatures (none triggered in this run)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4192,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4772,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5456,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5924,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5892,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5472,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
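The two Network tables are where the sample's own behaviour shows, but they are mixed with the sandbox's browser and OS telemetry (ieonline.microsoft.com, api.edgeoffer.microsoft.com, nav-edge.smartscreen.microsoft.com, bzib.nelreports.net, business.bing.com, google.com, the reverse lookups for the resolvers and the mDNS multicast). Once that noise is set aside, behavioral1 shows Internet Explorer connecting to hm.baidu.com (Baidu Tongji analytics), s23.cnzz.com (CNZZ analytics, over plaintext HTTP on port 80) and tb.53kf.com (53KF live-chat widget), while www.91juyouwei.com was resolved but never connected to in the capture; behavioral2 (Edge on Windows 10) recorded only the DNS lookups for the same four hosts. That is the profile of a commercial Chinese web page with the usual third-party widgets, not of a loader. The script below is an added example written for this page, not a sandbox feature: it parses the report's table rows as printed, separates resolver queries from real flows, strips an assumed platform allow-list (built from the names visible in this report, to be tuned per sandbox image), and reports the hosts the sample introduced, which of them were resolved only, and which were reached in the clear. The sample rows are copied from the two tables above with repeats removed.

```python
import re
from collections import defaultdict

# Rows copied from this report's two Network tables, repeats collapsed; the parser takes the
# "| Country | Destination | Domain | Proto |" lines exactly as the report prints them.
BEHAVIORAL1_ROWS = """
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 183.240.98.228:443 | hm.baidu.com | tcp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| CN | 159.138.20.15:443 | tb.53kf.com | tcp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| CN | 220.185.168.234:80 | s23.cnzz.com | tcp |
| CN | 14.215.182.140:443 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

BEHAVIORAL2_ROWS = """
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.91juyouwei.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | tb.53kf.com | udp |
| US | 8.8.8.8:53 | s23.cnzz.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumed allow-list: hosts the sandbox's own browser and OS contact regardless of the sample.
# Built from the Microsoft/Edge/Google names visible in this report; tune it per sandbox image.
PLATFORM_NOISE_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net", "google.com", "in-addr.arpa")
RESOLVERS = {"8.8.8.8:53", "8.8.4.4:53"}  # a UDP row to one of these is a DNS lookup, not a flow
CLEARTEXT_PORTS = {"80"}

ROW_RE = re.compile(
    r"^\|\s*(?P<country>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)


def parse_rows(table_text: str):
    """Yield one dict per well-formed data row; header lines and anything malformed are skipped."""
    for line in table_text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if m and m["dest"] != "Destination":
            yield m.groupdict()


def is_platform_noise(domain: str) -> bool:
    """True for empty/N/A domains and for hosts under the assumed platform allow-list."""
    if domain in ("", "N/A"):
        return True
    return any(domain == s or domain.endswith("." + s) for s in PLATFORM_NOISE_SUFFIXES)


def triage_network(table_text: str) -> dict:
    """Separate DNS lookups from real flows and isolate the hosts the sample itself introduced."""
    lookups = set()
    flows = defaultdict(set)  # domain -> {"ip:port/proto", ...}
    for row in parse_rows(table_text):
        if row["dest"] in RESOLVERS and row["proto"] == "udp":
            lookups.add(row["domain"])
        else:
            flows[row["domain"]].add(f"{row['dest']}/{row['proto']}")
    sample_hosts = sorted(d for d in lookups | set(flows) if not is_platform_noise(d))
    cleartext = sorted(
        f"{d} -> {ep}"
        for d, eps in flows.items()
        for ep in eps
        if ep.endswith("/tcp") and ep.split("/")[0].rsplit(":", 1)[1] in CLEARTEXT_PORTS
    )
    return {
        "lookups": sorted(lookups),
        "flows": {d: sorted(eps) for d, eps in flows.items()},
        "sample_hosts": sample_hosts,
        # resolved by the browser but never connected to within the capture window
        "resolved_only": [d for d in sample_hosts if d not in flows],
        "cleartext": cleartext,
    }


if __name__ == "__main__":
    for label, rows in (("behavioral1", BEHAVIORAL1_ROWS), ("behavioral2", BEHAVIORAL2_ROWS)):
        result = triage_network(rows)
        print(label, "sample hosts:", result["sample_hosts"])
        print(label, "resolved only:", result["resolved_only"])
        print(label, "cleartext:", result["cleartext"])
```

For behavioral1 this yields the four sample hosts, www.91juyouwei.com as resolved-only, and s23.cnzz.com as the one cleartext connection; for behavioral2 every sample host is resolved-only because Edge's run recorded no TCP flows at all. The Country column of a DNS row describes the resolver (8.8.8.8), not the queried domain, which is why the CN hosts show up as US in those rows; the allow-list is the part to maintain, since any host left on it is never surfaced as an IOC.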