Analysis Overview
SHA256
0876c490877150dc0ebda9651e30308df341ff583da977a2a1faffec12dae234
Threat Level: No (potentially) malicious behavior was detected
Verdict for a6c456e2d342194489876598950ee30f_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 21:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:00
Platform
win7-20240611-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07468061-29D0-11EF-B5A7-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000dbb839289c2b333ae796cd2265d4de9cb3c46a2eb77c8ab3f450651c0a57e1d9000000000e8000000002000020000000293086839bf2370cfe41a65745d3a615fd62cdcb8c092183f0349fa5d727098a20000000574f9b6d779e7c9b94710c6de3faddc0e5afad8bf05916f3d5484198aa1572d64000000039657fa7a516df599c84ff695267270c3689dff47b75dd13266549c97f957f6550d095b5df62d04d342ccade3eb90084495e57472ece58aae8cc486f09141233 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101672dcdcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477760" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1912 wrote to memory of 1088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 1088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 1088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1912 wrote to memory of 1088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | grillen6.2-hi.com | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 64.136.20.38:80 | grillen6.2-hi.com | tcp |
| US | 64.136.20.38:80 | grillen6.2-hi.com | tcp |
| US | 8.8.8.8:53 | ad.aboutwebservices.com | udp |
| US | 64.136.20.60:80 | ad.aboutwebservices.com | tcp |
| US | 64.136.20.60:80 | ad.aboutwebservices.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 21:58
Reported
2024-06-13 22:00
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4872,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4064,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5312,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5212,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=5676,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5404,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | grillen6.2-hi.com | udp |
| US | 8.8.8.8:53 | grillen6.2-hi.com | udp |
| US | 8.8.8.8:53 | grillen6.2-hi.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 64.136.20.38:80 | grillen6.2-hi.com | tcp |
| US | 64.136.20.38:80 | grillen6.2-hi.com | tcp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.aboutwebservices.com | udp |
| US | 8.8.8.8:53 | ad.aboutwebservices.com | udp |
| US | 64.136.20.60:80 | ad.aboutwebservices.com | tcp |
| US | 64.136.20.60:80 | ad.aboutwebservices.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.20.136.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 60.20.136.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |