Analysis Overview
SHA256
8938ae8b22d3ad6e249b594a47062d9b0460dfa3107a5066201dc6fb4f0e052b
Threat Level: No (potentially) malicious behavior was detected
The file a394111b0c9f0de19f331b6b175a706b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:47
Platform
win7-20240611-en
Max time kernel
120s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00af3fd23bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000dc8fafd396f96dc7ee8d836f2ff70ef6a9358c97cc531d79880889e4c2ebc958000000000e80000000020000200000007943a9071da1cc00ffc81b32017fcba1092292a21a35d1b85499c37a946da939200000009f4547d380183ab44a0022d1c838209c919a161493b0496b231ad4da2352647640000000f6d959a1c5a4acd49327d633e77ca3b2ebe89aaaeb3393f9e02db9e6f3b81439ec1e5a512d05f32b9ad169cdaeb971b7753f4f7eeddf4b397232bfe8c96115fe | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424408595" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FCF90F71-292E-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2240 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a394111b0c9f0de19f331b6b175a706b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | adp.regione.campania.it | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab70AE.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar716F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a58e6dd68b2c19f9302d46b2e3e2f716 |
| SHA1 | 7a2a2a8c2bedb57071d0a2bb5eacb5f30695bf98 |
| SHA256 | a63e924bbe31acd2cde0ecdaf805c471c4a0fff0f54f8f48d95578c7f19baa9e |
| SHA512 | 09e0aa5ae2637a0f3ce5b731f231880f53e97096d0dd6bd698193e1dbe5025359a7e095751db14ec65cbb14dbbfe4a10a1c2540681c9946d1a692b00015f0081 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c1ed8e5eafdb09a143d99962a2936725 |
| SHA1 | be38a9c45d93fcf93c6bbb1c50f2d8f0647c4863 |
| SHA256 | 3b60b84b2b071e89af63b3c406d3f4515213aef9386b32e0e9b894ff57e5ff4c |
| SHA512 | f2a3ae85f4ed145ad8fa4573e9821f55893f203fe404ea8e958030ce483510c998e5185254e396b47c2d0b34dec0bb7e22ac0116336fa3dc62b8b491fc14150f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87f0892c237d3dd262a66982670b6af3 |
| SHA1 | 8f3a2b27cd5f7343d8d0ee5b40a51de34d05a5e7 |
| SHA256 | f234ca747300c46411302e0722ac25ceb3f5038a112bd700eb4526047bc60bd7 |
| SHA512 | 1fbba7610b99bc0e9c12ced1a4824d8bbfd5e28f6ceb18c678e09c3f1f3b576118866801653e772b36867e2f2d381cf30d51061b2372848903fa7e1eeaaddc00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0238727606372db19a53b316462809c |
| SHA1 | e3b7e568e7ec1a0f7183dfc2b4f33daf0c956247 |
| SHA256 | 798b7361540ec4f429a475650b570db0943929f5561e78b6d30c5dd9af3f0167 |
| SHA512 | 798a10ccfeb9adcd630ebac019c0a63c6f045e7f53d4e4dea4cce47a629b139f6d5bf34c537f0f5ba08d2d8f1c1e60490eef51f0d0220c463e6a5a5097b5efd8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87da6e2a93994a8b59d4230835f3e58d |
| SHA1 | f4a37e2c98f805d3a3a4d3d42012e4e9fe4630bb |
| SHA256 | bb6024d58e49208716150720e2d8d60130f4654bc1cc569ef58e28e347107ad5 |
| SHA512 | 135679cefea0a2c326f43724dfc35237ac1ba812c326984184324e3bea8ed633ee94661ebfbc7c09eef48f493abfb821f08cadc91cf05351d6815627610c65c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41274bdf7803706b3ff19aa2f6bc4307 |
| SHA1 | 5197004dc8e6b787e236a97cb9063ef77b81830b |
| SHA256 | 8aad92838141fbb3cbda8dd51c02accede8e4c609a7cbb449a93ea8b09578fc4 |
| SHA512 | 523674df8ee02aa46d3e9a8838eb278f70970de2c918b2dbffe9e73652b5fd360b3115c75e2e5c84f6841fc8b38f4062ea5e40471e10a479c9d65fa3f1bb2ca3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d834b18ef17201554c106d3fa598fac0 |
| SHA1 | 48c90d594444b91716847c8f79eaebafcc6398ae |
| SHA256 | 374b2c562c0ef9afa050886edf813f9e5acb006f506bc740e1abf642900dc2bd |
| SHA512 | 2a421abef94beb421792ef85871b5acbdece17227b7bdc9ff3284b0d289b96dc0873982eb7c5742bb89e9873a30ba74d774799f0de5c8ecdda86ebc1d716490f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eec3f3bc119b4c7b515992efff483db2 |
| SHA1 | 51d59ddf9a350a590a8b5f3efecbbd116db136ff |
| SHA256 | afb84a59e543ba015174c45f553f7a6d47c3aaeb03f7f1ef8dc618d7f759451a |
| SHA512 | 873aa7092dd6f00ea7a15fa439999ec83bf6316515a79c127334d546e56dafae1866f983f8797a7ba9ca30b695e75631884f60d892d2d1ba69ebaacf26f3f2f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c3eb78a49d172c7782491fe2386a407 |
| SHA1 | 18a40e1035bb2be576990dff3198b854f716b812 |
| SHA256 | aec2296b410833c08c593f90a2e967019583ff28d6d728f2e7d2d821a82bbdb3 |
| SHA512 | 3161658e3486f99c8ca6a839241a2b2da7c77b8d1e7b0960618fc8ed0d2a3203c113fef799aa3319e310f2bf60d26a248f575d54f8f6f53481bc7b801de8b0b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 825041798efca35d1123ff92ea636c72 |
| SHA1 | 61463b3ad1cdfbfa0c7cf39aa72c604e20a56155 |
| SHA256 | 7236d79a275b629224659e2e2a7c24d06204d122814253552aa5ddf2cb4be969 |
| SHA512 | 44c58bd40294b14e4439738d14dd78c20b37f1750430ad26b7fcccd61981260b887d28029a5a77058ea7adc8f5bb333809360aeec89079490d2d49a06ee6e0b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bed9b53824b0669548ca361efb4acbfb |
| SHA1 | aae61a11fc9573529f3eefb2327b44702c4eef08 |
| SHA256 | 4a51dcac7c026631007d161450df1f33afbd5f4527de494b294bd14a91a415a5 |
| SHA512 | 6e628991efe9caaa6ec24163f7f293d774fdd0ad81a30f9ae06860bae43c58677cb4651789da621fc02ec856aa9f7ec360437108fc9161ff637b648fa45741bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd64a71a2ab66c304cbde6fbabf4fadc |
| SHA1 | a1b2f4dd31fa38c81f1ab2c134f75a0657da6a3f |
| SHA256 | 25063e9c8af427a7c30f9be0319231a196912d6394f840bf0af965c83b4932b1 |
| SHA512 | d9a6ada8685a16e3f01b4561bafe454198db332adb0fd1a50c7d192238b656cefae1ae827248755db19177483d015563deca7e326321a79a4543bb7623c190ad |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8dca33187b75a76df7650b4a9f08cbd7 |
| SHA1 | 59a74905298fca22b6e89a40600f02fe0913317a |
| SHA256 | 1b7e23f29de5e61750ba6532c38933ed06eb52a6af04a1f7ab81327b5c71ec2d |
| SHA512 | 544ea0e8782cd322b1487163580df30e3b81688b7226b19c6fce1bfb4c2d62555485d5a4edf44a9d1de1da6230a298c17fca214e307bff2a0a459de21acef550 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44e6da26783916e60ea7f98d1d353f7a |
| SHA1 | 9c33cd040e427c7316c866bd3acb036dda83c6b4 |
| SHA256 | 894d42f784b6a360a64a702db0161b5ffc97e92ff0ba3c4a71dd14ac0a509a18 |
| SHA512 | b982c2516db8426e86e65035177bf7114fac5501295196ecbadd47afb11811dd4fad69cdb819781edb5bd8615709e0cfffdd22b2709647d263646befffb86323 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f101585c2672fa1c17d6f0fe086a6db |
| SHA1 | 692ac5ea34bf3ef88d14593c75aecd17e3986ce4 |
| SHA256 | ad1e4452ec136f29063cf318da9109e40d9d65f8d4bb7976298ab21cee3f8517 |
| SHA512 | dfd13eaaa962a776b5be8a791bd9103716a0b8a6becc9464e46503a78670cd74efa12c842fa8b670184bbbf7b73c8de1ab9aa828835de39e3a30e356a6ba1fe7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35d925ca3a68e0512ea69aa29b043d9c |
| SHA1 | 63f4b8158bef1c33399abcd3a60c88de6bcf3046 |
| SHA256 | ca2441a213f319283804bb9e95157d93abd949dd799b6a2f222882b0c28f2485 |
| SHA512 | 1a08f51f2d5d55d4589676937fb04d682aa063feab837116eeaf29c9d7880424cb1414d2d347998a6304eb678ffe2a020da0357d846aa919ce58ed3313a8e029 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 592a5138b9d79a00cd419a52398ba95d |
| SHA1 | cbad9b90cc03a8a46447d90fa0dac5bf8402748c |
| SHA256 | 2e8f221e2427e22a58c32bdbbf21824fe4535b2de909e909835fde92967dac09 |
| SHA512 | 09f8264ea90046b508ad56ad5a65f252d501b0a676f052e46ea1adf078f5c30d748cf4174d43acf5d03fd9c481cc7b670e6d0f7c7af535263cfb55aa7008ccf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ad0ec23e28c7cf384de942aa7f689c |
| SHA1 | 3770de8efda0bc408ec8dd4255e10c94e0579ff8 |
| SHA256 | 2b544d4cff700d1824346dc0940ea856ff597f5510b498fc35dbf93828097145 |
| SHA512 | cb3f338495c17f7c08ed7513d62cbb0e9831ae18e60eb3925cdff594c027bd3a18ceae3a72b76fd0af0d0c412e46a6f6a15aec5788c3009ba1989d775f02ef7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ea3d3f81e68569f53fe7ba61ee4b862 |
| SHA1 | 1fbf0affc750f409b3292f6ae55ea2076e9a60fa |
| SHA256 | 049f3cccccf3c1401e463fbb9c3de8d6ac9bdd236906676e56d949e990dd923f |
| SHA512 | d08e4790eb1b6f5122e848a0a9748b4aa097023108a74fcd010f5c28311f4c8c01a50548cd60cc9ad636c0e737906ba2f4ae265c54a7b8bff6b524e483da1ba8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e12ec3736e6785f0bb10a60e29040b3 |
| SHA1 | c95d0d18aac03f6481b5f2df41043b45312b9d6d |
| SHA256 | 375743ead6e50cf0ee2c7864803b468716fb188fb724788dedb07e34991c93c5 |
| SHA512 | 586afb746a1dbc73b1bbd19b2dd437de5dfff628a6ec4d6fa5bbe6a771d4d006d50493adba1cb5fdc4f4e2892274524913a04b89df84328d4e10f3ddef4c2f44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 79167fccceb173317bb07477cdf58faf |
| SHA1 | 57906eb0d29af3abeecc597afededfd538a531c5 |
| SHA256 | be420dab9b0bf06f8501967fdfdf149797b49566ecb345f199d1e27df915cf3a |
| SHA512 | c84ecae46e2e1026e9c3afea26f747d4339dafbf36129d4456d253ba0055014f4dae293af1e7ed93113e8784e2a56f0e5c452b0c42b6b6acbde4311822bae5b6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:45
Reported
2024-06-13 02:48
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a394111b0c9f0de19f331b6b175a706b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3436 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4000 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5980 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5512 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | adp.regione.campania.it | udp |
| US | 8.8.8.8:53 | adp.regione.campania.it | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | adp.regione.campania.it | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.204.74:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.246.116.51.in-addr.arpa | udp |