Analysis Overview
SHA256
3ca49b90902242cff8df0a2869f6847c0ac37c9df2ce52583c7023c5405a6ec2
Threat Level: No (potentially) malicious behavior was detected
Verdict for a6c426943921b02254bcd1246aa18673_JaffaCakes118 (an .html document; both detonations below simply open it in the platform's default browser): no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
All four signatures were raised in the win7 detonation by the Internet Explorer processes (iexplore.exe / IEXPLORE.EXE) that rendered the .html sample, not by a sample-controlled binary; the win10 detonation, which rendered the same file in Edge, raised none. Read together with the verdict above, they are ordinary first-run registry writes and frame/tab process behaviour of the browser rather than indicators of compromise.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 22:00
Platform
win7-20240611-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FE121E01-29CF-11EF-B98D-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000073b4018ecf27f96327c9caa28e36fe74f56a97ba78110ab4bd4e8be4b16e41af000000000e80000000020000200000002435d432a14816473b6c5b5dac43ecdf7d74c0fee232223878becb665631978420000000f46efd49cbb279f4594152cf9f654373b155933208d6e220b07f50c635b96528400000006889f9bf5384560ccdc29944d4f86c98bc7684abf3c45a8656191d80e9407ec43c586500a12b897e033de9381c00d5456667814ccdd8b5475bbf1e96c27d60f4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d956d3dcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477747" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
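The three REG_BINARY values in the table above (Main\Window_Placement, NewTabPage\LastProcessed and NewTabPage\DecayDateQueue) are opaque in the report but have public layouts: a WINDOWPLACEMENT structure, a FILETIME, and a DPAPI CryptProtectData blob. The decoder below is an added example written for this page, not part of the sandbox output; it embeds the hex strings copied from the table and the standard structure layouts and runs offline. Decoding them is a quick consistency check on the verdict: a maximized IE window geometry, a timestamp inside the 21:57 to 22:00 detonation window, and a DPAPI blob whose master key belongs to the sandbox user.

```python
"""Decode the three REG_BINARY values from the 'Modifies Internet Explorer
settings' table.  Added example; not part of the sandbox output.

Hex strings are copied from the table above.  Layouts are the public
WINDOWPLACEMENT (user32), FILETIME and DPAPI blob formats.
"""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Main\Window_Placement: 44-byte WINDOWPLACEMENT (the four ffffffff DWORDs are ptMin/ptMax)
WINDOW_PLACEMENT_HEX = "2c0000000200000003000000" + "ffffffff" * 4 + "2400000024000000aa04000089020000"
# TabbedBrowsing\NewTabPage\LastProcessed: 8-byte FILETIME
LAST_PROCESSED_HEX = "30d956d3dcbdda01"
# TabbedBrowsing\NewTabPage\DecayDateQueue: DPAPI blob, 246 bytes
DECAY_DATE_QUEUE_HEX = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c"
    "91633e21940a80760000000002000000000010660000000100002000000073b4"
    "018ecf27f96327c9caa28e36fe74f56a97ba78110ab4bd4e8be4b16e41af0000"
    "00000e80000000020000200000002435d432a14816473b6c5b5dac43ecdf7d74"
    "c0fee232223878becb665631978420000000f46efd49cbb279f4594152cf9f65"
    "4373b155933208d6e220b07f50c635b96528400000006889f9bf5384560ccdc2"
    "9944d4f86c98bc7684abf3c45a8656191d80e9407ec43c586500a12b897e033d"
    "e9381c00d5456667814ccdd8b5475bbf1e96c27d60f4"
)

# Well-known constants from wincrypt.h / winuser.h and the DPAPI blob format.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG_NAMES = {
    0x6603: "CALG_3DES", 0x660e: "CALG_AES_128", 0x660f: "CALG_AES_192",
    0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800e: "CALG_SHA_512",
}
SW_NAMES = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def decode_window_placement(hex_value: str) -> dict:
    """WINDOWPLACEMENT: UINT length, flags, showCmd; POINT ptMin, ptMax; RECT rcNormal."""
    raw = bytes.fromhex(hex_value)
    if len(raw) != 44:
        raise ValueError(f"expected 44 bytes, got {len(raw)}")
    f = struct.unpack("<3I8i", raw)
    if f[0] != 44:
        raise ValueError("length field does not match WINDOWPLACEMENT")
    return {
        "flags": f[1],
        "show_cmd": SW_NAMES.get(f[2], f[2]),
        "min_position": f[3:5],            # (-1, -1) means 'not specified'
        "max_position": f[5:7],
        "normal_rect": f[7:11],            # left, top, right, bottom in pixels
    }


def decode_filetime(hex_value: str) -> datetime:
    """Little-endian 64-bit FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def parse_dpapi_blob(hex_value: str) -> dict:
    """Walk the DPAPI blob header; the payload stays encrypted.

    Decryption needs the user's DPAPI master key (derived from the logon
    secret), so offline you can only identify the blob, its master-key GUID
    and the algorithms it used."""
    raw = bytes.fromhex(hex_value)
    (version,) = struct.unpack_from("<I", raw, 0)
    provider = uuid.UUID(bytes_le=raw[4:20])
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI blob")
    master_key = uuid.UUID(bytes_le=raw[24:40])        # raw[20:24] is the master-key version
    flags, descr_len = struct.unpack_from("<II", raw, 40)
    off = 48
    description = raw[off:off + descr_len].decode("utf-16-le").rstrip("\x00")
    off += descr_len
    crypt_alg, crypt_bits, salt_len = struct.unpack_from("<III", raw, off)
    off += 12 + salt_len
    (hmac_key_len,) = struct.unpack_from("<I", raw, off)
    off += 4 + hmac_key_len
    hash_alg, hash_bits, hmac_len = struct.unpack_from("<III", raw, off)
    off += 12 + hmac_len
    (data_len,) = struct.unpack_from("<I", raw, off)
    off += 4 + data_len
    (sign_len,) = struct.unpack_from("<I", raw, off)
    off += 4 + sign_len
    return {
        "master_key_guid": str(master_key),
        "flags": flags,
        "description": description,
        "cipher": CALG_NAMES.get(crypt_alg, hex(crypt_alg)),
        "cipher_bits": crypt_bits,
        "hash": CALG_NAMES.get(hash_alg, hex(hash_alg)),
        "hash_bits": hash_bits,
        "ciphertext_len": data_len,
        "signature_len": sign_len,
        "well_formed": off == len(raw),   # every length field accounted for exactly
    }


if __name__ == "__main__":
    print(decode_window_placement(WINDOW_PLACEMENT_HEX))
    print(decode_filetime(LAST_PROCESSED_HEX).isoformat())
    print(parse_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

The DecayDateQueue payload cannot be recovered offline without that user's master key, which is why it looks like random bytes in the report; the header alone (provider GUID, AES-256, SHA-512, a single master-key GUID) is enough to recognise Windows' own protection rather than a hand-rolled format, and the LastProcessed timestamp lands at 21:58 UTC, between the Submitted and Reported times of this detonation.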
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1672 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1672 wrote to memory of 2668 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c426943921b02254bcd1246aa18673_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2
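The four WriteProcessMemory rows say PID 1672 wrote into PID 2668, and the Processes list shows the 32-bit IEXPLORE.EXE tab was launched with SCODEF:1672, that is, by the 64-bit frame process whose command line carries the .html sample. The helper below is an added example, not part of the report: it takes the rows and command lines copied from this page and labels a cross-process write as the normal Internet Explorer frame-to-tab start-up only when both images are iexplore.exe and the writing PID equals the SCODEF value of the target tab process; anything else is flagged for review. The "PID <a> wrote to memory of <b>" wording it parses is assumed from the table above.

```python
"""Triage helper for the WriteProcessMemory rows in this report.
Added example; not part of the sandbox output.  Rows and command lines
below are copied from the report; the parsing assumes the report's
"PID <a> wrote to memory of <b>" wording."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    image: str
    command_line: str


# Copied from the Processes section: frame process first, then the tab it spawned.
PROCESSES = [
    Process(r"C:\Program Files\Internet Explorer\iexplore.exe",
            r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r"C:\Users\Admin\AppData\Local\Temp\a6c426943921b02254bcd1246aa18673_JaffaCakes118.html"),
    Process(r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
            r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2'),
]

# Copied from the 'Suspicious use of WriteProcessMemory' table: (Description, Process, Target).
WPM_ROWS = [
    ("PID 1672 wrote to memory of 2668",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

IE_IMAGES = {"iexplore.exe"}
_DESC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def basename(path: str) -> str:
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify_write(description: str, src_image: str, dst_image: str, processes) -> str:
    """Return 'ie-frame-to-tab', 'review' or 'unparsed' for one WriteProcessMemory row."""
    m = _DESC_RE.fullmatch(description)
    if not m:
        return "unparsed"
    src_pid = int(m.group(1))
    # A non-browser image on either side of the write is always worth a look.
    if basename(src_image) not in IE_IMAGES or basename(dst_image) not in IE_IMAGES:
        return "review"
    # IE's frame process passes its own PID to each tab via SCODEF:<pid>; a write
    # from exactly that PID into the tab is the frame setting up the tab it created.
    for p in processes:
        if basename(p.image) == basename(dst_image):
            s = _SCODEF_RE.search(p.command_line)
            if s and int(s.group(1)) == src_pid:
                return "ie-frame-to-tab"
    return "review"


def triage(rows, processes) -> list:
    """Classify every (description, process, target) row."""
    return [classify_write(d, s, t, processes) for d, s, t in rows]


if __name__ == "__main__":
    for row, verdict in zip(WPM_ROWS, triage(WPM_ROWS, PROCESSES)):
        print(f"{row[0]}: {verdict}")
```

On this report every row classifies as the frame-to-tab case; the check fails closed, so a write from a PID that no SCODEF value accounts for, or into an image that is not iexplore.exe, comes back as "review" rather than being explained away.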
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
None of the files below is dropped by the sample. Cab*.tmp and Tar*.tmp in the user's Temp directory are the temporary files Windows CryptoAPI typically creates while unpacking a downloaded certificate trust-list cabinet, and the single CryptnetUrlCache\MetaData entry is rewritten repeatedly as the browser's TLS connections (see Network) trigger certificate and revocation lookups; the sandbox logs each rewrite with its new hashes, which is why the same path appears 19 times.
C:\Users\Admin\AppData\Local\Temp\Cab6F48.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7046.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57f3c7368f6f9cda75f7b3b1d5019103 |
| SHA1 | 92f273b689dbbfc8c769988125b0778e021e2c51 |
| SHA256 | e5de06bdf16908759c463f56b2aadc98c1b2f6f5ddfbeba890e5ed127444c575 |
| SHA512 | 91348713b993626a038ac3826c465c8224a9464aee7934b11bae1ca9d6e6d8331825fe8f643a6a56b0da5872405e6642079bdf47fb2d17b93d369007467a73c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 831ffcaff8a226085815cffc91d2fbbf |
| SHA1 | d52d07f93746938095cd28da0b4a87f04f7ed512 |
| SHA256 | 1412aae1cb60e44a98aaf7f34d7e9aeb1b1f809a6b92d3f462534c7152527730 |
| SHA512 | 35e4e3d91732e34d89b3bc49a7569ff146146d055221c9df3c7ef8edf71d305cf3c237ba73b5f7171391b50d61ed100a518a4c8afbff04052d69cbebcaeb35a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c1baa4b5d89e7043c6d6f6d02c0c6c8 |
| SHA1 | 006bcdf0551dbb800e0302334761bfeaf2f1e503 |
| SHA256 | 84bb4d0471a2c208de864b7fb83c3a4d9a63740abdb18785cf2253942c1cf5bd |
| SHA512 | 75cda2d07056be506fb2191d81e7bb34f6adcdceda97af1e9f1b539ad460e54a7830bd15aefcd39d3611378667f59c4a78221fa718105a10c3ddb41435e66dcb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec43032ec0b434674f601ce731c2a006 |
| SHA1 | 44be18a16e5828c8e2aeb8c6dd180336a4fa1d7a |
| SHA256 | 30b682d36481ddf5b13f35a8b7fc116867200816240a82e4b4703f1f1e845365 |
| SHA512 | 6ef640557542d89f606b2ca428771c790add1572e3060efca83f83eba2bfc05d93d5a5270688816f989887c9c3720dba4767d6ffe65e80dd3d4d1b4056741789 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67b574c845ca4a01b96d09197b3afff7 |
| SHA1 | a284c2a09adce9c2e4971f2dd887c749145c7321 |
| SHA256 | b401b0402c735e64a67e73a9322b3e4f160144f46c22ec023912ca1e245b5b2c |
| SHA512 | 5c4be0a06183fde306493126772eabcfbe61287344feb540026d4bc98370030074f04a537651bd9be823b31c8cb89a6416f119e7233953019b0f0017b4bbe762 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3dfdc296d21dbfcc125d26731d82546c |
| SHA1 | 7c8188500ec9d4af123f7d73618e646edac468c4 |
| SHA256 | b31c4eee13f78753d64b53ff52a5eb4d5c872c0dca5cb749b69785a714daa34f |
| SHA512 | 2458ea891a6cdd5429466e3b4c36bbd502c25590d728aa5bf31fdc975cfa7082f38253bfdb30a1378d40857827b1a95cbf9b7d44086b9a03e81e8bb35899a1bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 220d6f639e05ceeee9d1f72094d6cf8d |
| SHA1 | ca71a4f5afb4131ccf4e64e08dee1881351c634c |
| SHA256 | c5df7d4648d7cf98ea52e288cfcc3b1e87e8ed180d46b3d9c682c0212f9413f6 |
| SHA512 | 5c4474f3b345cfadc88c0bf137cdfb1f906dfef9c031f34794b1db8852288148e3dd5db2084587269cde3101889489d6d9b65d7bd126b4425d8eeb4c0a390a14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7ae1c31891220a39d846239854312b78 |
| SHA1 | 44dd8db8bf155a9264e119e2fe249c2aa0a43dc2 |
| SHA256 | 151b8594c59d63495ada6a6d844172bc6306fb0005d59890364b224f5eb03680 |
| SHA512 | e31aec4095e2adde3ca062646e692a2ec33dae0815251a4d191e0cffb731660aecb9a593799792b76264810d0bb32b0bac7c21bdfc7b6ffc8379715c4646d042 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b2de193a2f6be78d58055b70ee183392 |
| SHA1 | 09c8d2e6e28b683b00252537d97edc0195ee23cd |
| SHA256 | 178e20ef8db58d3ba9c94500aae87a3152522bcab749954e41804950795fd621 |
| SHA512 | 961014f03965eeb3604a30566fdf5dfac67a411822a06b1e56c7fd0035ebb6e2cd9680781e4cf230af53a68a4bd643d9914ab98f2e9cde6aeabee6675c2c01a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc1afc853f8e93834415741a68692aeb |
| SHA1 | f3c47e588b2379a3962cb071ddf7d21134d2e696 |
| SHA256 | 8e46fe07fb1990d7711cef9ad3026dd6584cd905a83520ef45dccabb8464c61b |
| SHA512 | 07fc0d4caa6c2aa13d0ba4ce91737272fac93c2c3524e39078663a3cdc0e2944108625a162ebca57257dbc6a0f682e56cb6796d3a1dd5a47136ad6bda2b72098 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08bf7b6b824f397038ab7134d6eceb8b |
| SHA1 | 789f21eb004470e4f9b28af4b4f4683b46a9cf48 |
| SHA256 | 427f7ec8e098e31afd72c5a37caa0c0d04272f7546e01ee43e412e25ead6e74d |
| SHA512 | 391c031c6c5b7d1b7ac0f462fc1b3e0f8589162799458c79c593ae5fbe81afa4df581b203d5a2e93acb4744521eac419d7f28542a79912c4bf74ad8e4d73690f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 549f487d870c29b4fb3f7cc9b65b7ccd |
| SHA1 | 131ff09b2e945fa16e9fb5be6e2799e71d69ec6f |
| SHA256 | f9331d4668be20229c70f2408655af53a1bdcf96d31b0c5f3971dbe0f16e8f98 |
| SHA512 | 3a703281c5652ac1a30321589ffe5bdc362a5eb9e626e117cc6259e6aa557c6988fa4ee38bdf66aaaffb1e79a9069f2930bcec1cd067704f2bffcf246dfc343c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23202f66b15b1f15e34c22be6bcfdcad |
| SHA1 | 4f636aa7a378d9ba7eaf22273eb43b973cee6c5f |
| SHA256 | 50aea0cbbc44f8ba3b7281828cfeffdc93f517be58662ba8b1420448c4f0c4b4 |
| SHA512 | 172c3c81f4570ffc2954945e915668baa4c695ce30371fa62aa56a1a06eca02e16d8cb54c354e20128feea43d42fc847042ffc12541a354f3293a7c58823d637 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa9ab00bd4e06e3a4f56d0c964bc0ad9 |
| SHA1 | 88c182718412a095fd6060ad7717ead29c98a0e5 |
| SHA256 | 505d10de9e6859f1df6e3e6a8bc3a9f46e1e66144ab059453b47e51c95aed016 |
| SHA512 | 00706a71291617d8ac04af0a4fcd63a54b18a7d91dd7e8d4ccb3aa1f292e48a7dc32d9a62d847b37615f621cfdc11c0fd04bb176c834d16aaaef30ce9eb7da45 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d084ac79775728b995ddb79929d13198 |
| SHA1 | 1a4543fe63eedfe8ad204695c49ff385faf4298f |
| SHA256 | 41209678797146e2cdb71a6b39a104c1f0c37fd7299609a43181766b511ccdb8 |
| SHA512 | 20e5857487e5be2b513ef0dc83e8433d5ab12da6fe1c2ce181f046d9e76d92f0ebadcbadd49101a8908263d879a19818d2a50c9ef0218ad6ad665ee660ae27b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d104c843514cc9777830f23403e84766 |
| SHA1 | f5beaf0cdd7c71e8e741155301b636e118f3d0ec |
| SHA256 | 6645330bee8f6a95b2dac65ec2044d56327b5d3f12558a6598de921fc7b1a96c |
| SHA512 | 28abd5cb052ec69c65c855b1b89aaf5f8affa9d67d3564a7ac394d1b499bfcdad6688dbeee51da4afdc7740f5189129ad55e085d448a796126b4bdea8762dc44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 438dd95af221b5a57ef2bda6dd0f3e5f |
| SHA1 | 7c1329997eb289d6208b4e7d08c84e83b6f9b3dd |
| SHA256 | 51991dcdbdb4c084c5200b08584912401c1a4cb828060b2021627903e3d9a061 |
| SHA512 | 9e0504e899b155a5d405af967203439a1efdc00af628bda4e9b134a6d322977d06decaaf952d0127abce9ed8a9a487c5c8aae445857119ebed88d4bbf004b621 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6650d6ee2fa43c426d2c6209e0728d32 |
| SHA1 | ba9a1c54894b033c0238b18b3979e3bf6e8d24f5 |
| SHA256 | 7f75207d4bb2c36c57308b6e48ef7213406b10483eb49e3f841fa328574a60e2 |
| SHA512 | f0f29e54ff1f42ca0e3b074947ecba77c17550c2b4972f4ee5ecdfe237792c951ee28e1b625415ddd2c58fed278fe2e2e506261c14cad21aabaf723d5010bdb0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c5e071975a716192fbd9c08b51431f80 |
| SHA1 | 53416a3ce8862864b9573b253682861ea320c13b |
| SHA256 | 6998abc19330217d19941deec8105f438b14abdaf222be082a92b48239dc8313 |
| SHA512 | 7576714bde8529dfd354331365770f025372cddda84515045b54f44d1b3b211370f2ecad7435672364187018032c64b5dacd7138eb6ef3697654667422711e75 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:57
Reported
2024-06-13 22:00
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c426943921b02254bcd1246aa18673_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1668,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=3896,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5320,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5348,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3100,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4628,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| SE | 184.31.15.72:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 199.111.78.13.in-addr.arpa | udp |