Analysis Overview
SHA256
84c8580882868bc6579173fc5c086edcf008c18d0fe1427e84edd7b01db8b48c
Threat Level: No (potentially) malicious behavior was detected
The file a356a7381ae3d48580701fd072d45cdc_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:20
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:23
Platform
win7-20240221-en
Max time kernel
134s
Max time network
128s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403501" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e3ff353921dcf4e9bd15ffef315904f00000000020000000000106600000001000020000000962239076468801f54a5e9bfe5a9c95ec66bc245ce31a5eee9b326a890cc158f000000000e80000000020000200000005b8eb3977af214cfb4fb10e91a895e8308666f049faea660d12918a6448150e220000000088db32c9ca110b4b235c43d0ccc92e5a106f1905d41e07fb6e7d7365fabc2fa4000000095e74cdf47f838f322f6e1906a14703eafee45ecc1d569026281f5fe9571b2d3658b64045864deedbe25d1db2b2f530052dbd7dcaa1869fdd64548023552dc0d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a209f62fbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{217821D1-2923-11EF-A38F-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2408 wrote to memory of 2356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 2356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 2356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2408 wrote to memory of 2356 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:20
Reported
2024-06-13 01:23
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
145s
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4088,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3784,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5212,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5312,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5216,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6032,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8
Network