Analysis Overview
SHA256
46c51a9dc16723a22f5520020b7ecba04e4883fa250a57345a05525083d8b4aa
Threat Level: No (potentially) malicious behavior was detected
Verdict for a354886b60fc6242588fad9e614aa92f_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:18
Reported
2024-06-13 01:20
Platform
win7-20240221-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d245912254f96a45b0590677e25d0e3d000000000200000000001066000000010000200000003349d267b48459294092e32f7d9ddb5e55814bcd06a6ba148401858ae56640f0000000000e800000000200002000000035fcc38d41ce3fa2136b1e5255dca9e0a9eeb1239929a467df77aa96eb90bd1320000000473c895893d8738c9fa0f9d464795c26bee92f01ddf614599f09ddec3429eb954000000017f3be91928e6a33e779b933bf6e54d311f4c1fee6c069180c125496026b654c828c8578d1d19c22fe607f58f3d8e4e7b479a960685a5e0b6c77af2919deb7e4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403373" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D51FA331-2922-11EF-B238-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 201142aa2fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1848 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1848 wrote to memory of 2936 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a354886b60fc6242588fad9e614aa92f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | photographersinconflict.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| CH | 194.150.248.147:80 | photographersinconflict.com | tcp |
| CH | 194.150.248.147:80 | photographersinconflict.com | tcp |
| CH | 194.150.248.147:80 | photographersinconflict.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:18
Reported
2024-06-13 01:20
Platform
win10v2004-20240508-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354886b60fc6242588fad9e614aa92f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3768,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3844,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5240,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5424,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5900,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5432,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:8
Network