Analysis Overview
SHA256
48939f78fe01da5f154eb76b0de1ff6b067530ed73dd222044fa3b07bfcbc173
Threat Level: No (potentially) malicious behavior was detected
Verdict for a398677fca27b12d89b0a93d02e826b1_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 02:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:55
Platform
win7-20240221-en
Max time kernel
141s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d31c5e0166faa49981599008bff107500000000020000000000106600000001000020000000176f883c67fc7014f2f5bfb95d53ec73c21d35024c22b34454f393e810313674000000000e8000000002000020000000a7176915d5e565d9437ec3d41329d728ec932dc1269b30bd924fa049d88e6e2a20000000c5a5f218b09084345b501f260027c698df07cb0ab061ca809a8e96813e70493c40000000aa413cfce546eac15c4ea512d27e17f6a5c8a5f90b88111e6c718eafe5cc8ead160540911ff39941f11fbb3e8e0a85436807a28b861c547a401bfd01255ddc36 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409057" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e08758e63cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11AC43F1-2930-11EF-8A7C-66DD11CD6629} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Note: the writer (PID 1740) is the parent iexplore.exe frame process, and the target IEXPLORE.EXE is started with SCODEF:1740 (see Processes below), i.e. it is that frame's own content/tab process. Frame-to-content writes are part of how Internet Explorer spawns tab processes, so this hit on its own is not evidence of code injection by the page.
| Description | Indicator | Process | Target |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1740 wrote to memory of 2984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a398677fca27b12d89b0a93d02e826b1_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab234A.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab2409.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5695c1739a791cd3277ee6b5dc2b59fd |
| SHA1 | 89b4c9878053d6271f85c3f706d3fecbe3cb9da6 |
| SHA256 | 8f3a4bed800e7731f1d5c93c5600facc1f6df000f59a670e54b15e730a0b3bd7 |
| SHA512 | fe862c80e91e2c6b0fb7b71b932b542a2227e9ba5ed0a15cb407e61424a48aeafbfa8a8e33a1f538edd7674eff5d58fbbee2237aca59606fc5272b1417f20222 |
C:\Users\Admin\AppData\Local\Temp\Tar241E.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d3b32b65e602816bb3ccd90f8b68181 |
| SHA1 | 71f39f5d85c463f5e090587dbe6f6f894f11bfcb |
| SHA256 | 1fded2ade0b39281dff771ea81e143474abc5f1fe7740525a41319e8273a2a25 |
| SHA512 | c5e72bc67bc3b524d3679d90612cfcb774ab086fcae16662461566d37cdd22f50a2397635f57bb0e80b0bd3523f9b5e632ad8c35c7bf5f39fa621cf51e1edbed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e05a06511fa45a819738a53b80a995f |
| SHA1 | ef1479741182a6259416d934ffcd2848c1f7c747 |
| SHA256 | d097cc03aff63a34e5ece6913e1f79fa68563736c6bba93fe2c15c847f69e00b |
| SHA512 | 0c2f9ce07508998fed2efec120a81d34fe08dcd09f2a749398179bec485549e31b6e88dfa498072e2781b1bae147f6433ff884b08e858de0b155c69e7205ded5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebab168b3087d15048790111e56eadbd |
| SHA1 | bce09ee8385317d2de6d83633dbbf83989c41394 |
| SHA256 | 89ef45bc6d2243de24afe28de35b0627a60c370af9672c29eb2f58d726cf465d |
| SHA512 | 1e7e58ea0591a35387cd3ddf5d0ce84568f36fb8927b417b6903cc3ee4d79c1bbc113ada97e1bebfdf89db6808c307df12c35cede9937c137d2f6a0292f830dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e9ec50a704ef06eae750e576e994d89 |
| SHA1 | 8c8c57f514a545f3570582f57324bcb3bb649ef4 |
| SHA256 | 575081770590b0d18329c2ef94f372f2533ad08fc2e31c8c9b84637a98caddb9 |
| SHA512 | b323aefb2a583baa31cf2e7f84846ada951a49b58ca99e1e0b7df140cb2c34efbe24395c2c5e3588c8807210526d6c565685f91db6656ffa8f9568c53ef1d92e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e846f7d2ae7d4456069238c4735167a |
| SHA1 | 5d3898e798d072bec11a5a03800c5c24c96a57c9 |
| SHA256 | a82c60670d25b188a4c684c706d5507a75710bc268ee14a51c5a5ecb1390031e |
| SHA512 | c522a014d2b47842f4079dac2611ff42ae7f9bd8315db5b8e8db24081a45b7b864e4ac808454a3eae0d4319c90f432ea2b73c1f8116c146aeac83679a4acfc00 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdc229dafded44cdfd6ebf5165c3b5c6 |
| SHA1 | 47be3792595fc6b65a53861a9d3caca516d187b0 |
| SHA256 | 95014638657419c4953c5be3cde03f2d9fea0f29815072281d1125cb325756c5 |
| SHA512 | 99393858c0a951c85a98797db9370093094a34092513f9cebbf90a9f49f7cd514ac77d23c43c117e0855f1cc060d2fc03db5a5b7897df37e7a810d9c66c5db37 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97874723e7c05e1f49e93194d31d7535 |
| SHA1 | 014c9628db91ab06f2eb7162dffa43c1daf4510a |
| SHA256 | df2d2a32823fac3fc0229a28a98d7d61cb6a9d30625d78f75eb02b4c0032efe1 |
| SHA512 | c44ce9749eb18e3f4282ece64f18a169e2769a3b0d61f7505ecda43ade21aadcbdb660df0198ac2e2def640f3e3b55f36b1d206e767018017e673308bab44345 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f362c4530a3a5cfce2c24dbb856dc9e |
| SHA1 | 87cc31e7b1879ce7e6eb177982f504acae1ed314 |
| SHA256 | 516ecca6b32d34e46c98762ec9f384aab9a54e17f6448a055ea71cf22eb2e1e2 |
| SHA512 | 3a0d53c27e8ba895adf622ce259aea63eba127e94e1ecdd0508a223145b0203755ebb23bdfca778e10492395dbed40c8c3946638fbe27e896eb8732aafc7df9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84dfe879f009b8d6830c34ecb1874950 |
| SHA1 | 3f6b3d34a43aeeb545de5e63b5085bbeac4a48a3 |
| SHA256 | e7190f870a1b0a8a09ff7841903e6cbf66d75fb76451a7520d56b0f665a676d7 |
| SHA512 | dcf7dd187e0d9be969293f4eeedd25d9b49e85735497188425d55eb3853adffd00313bea093217201e9019a244c96f2e563a957cfb061848823547b161004b26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6e3d35dee29f5b2e1c5559d837f07f0 |
| SHA1 | d5f88031fed1e3459812887c5cd8960df91a8cd0 |
| SHA256 | 02eb2e91bda4f6cc5b982af0602059d3065ef987dc79fa454af4dd4500985dda |
| SHA512 | 679e32c0f48eaf8dec2087ef59db3830dcc9a1c4e75c7034ba3dcf7030dc98ed4a304b928e8a8bc3ff7623944c5c30006e1a1e4bd86db452a2ce0094cd41bc88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44ebbb22bf19b49291a897896b453f98 |
| SHA1 | fed48321888904007d69295c8dffb57b9ca6f9f9 |
| SHA256 | d7efd5e1e0f78fa9b66a3eed8f391d7442295637336edd54a6c40c0fb9a74986 |
| SHA512 | ccdd81c950bbd64815e9164400535a00594fa54f47dc95f72ca7ecd4ffb522009f31a34b28e00c847950976986856069b428b7ddd07a9f699b69c8635806cb20 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 304224314e505b6fc7802723940244cb |
| SHA1 | 34d405d63137388c6bca96425ecb5708a7cf1926 |
| SHA256 | ab7847aebd72ea36f282a30fa0571db31ca78d8df83a19c555343f54740369ac |
| SHA512 | 4d118abdb3d9e916452123a0c50efb85afb45908b76ca52a7db9b2f360b8413ac2ad91e347adae7e7c00e223a5efcd848986cb38d835529f56ae441496d4ab96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75bbf41be889c7bb9638db9e293498d5 |
| SHA1 | 3edc4c0ce369a24226d76c06dbd19798dfdaa3d4 |
| SHA256 | 99b3010b07754322f49ea7b93738cb163e420cf783e206fffe02a7ebaf18e3eb |
| SHA512 | d82297e5503c50bf8387e2c7aaaee51d7dd5190e1ce785277ca81b0d18e86627cff03176d502dcc6a15b63a1098b680da8c6ac71828699a252726bd7fd6d06e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b1bfff4d61e88f51f5cdb1f200afdd7 |
| SHA1 | e69243bb375e3a73e1d346b3d7612d0c7c8342ab |
| SHA256 | 33451998a32460d6e03f795eecd9d1d2051530e2a16fde14bda71c314f00d648 |
| SHA512 | 4d786df89da6e4bc3369d2d00f254488b1598ef33113db04ee80d9306b3041f9515fe98d2e2753fee3d282de307f323c3c8c619da5acbd9abc778c881441145d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e76261fe730b6939b974b3d6c7378c6 |
| SHA1 | 7b29e821c49cc6f1af20955a0c8f22b279771b70 |
| SHA256 | f83edabc559de43965dcca440a628bfb01f789074d767fc5a91e13fb91df6e4a |
| SHA512 | 911c12b1bdcb7e6d9c384dfa250b46778a9b1fabad3039b842d75ddb89c0ba5dc584f3b9e455996d9550d2736261474f35001fd49d4007b78587e39403a4b08f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a34b3e5b2c17fbdd9037a2c51357735c |
| SHA1 | b7f3c2394ddff9cfbee8334104ac47301e80572a |
| SHA256 | e684d170259d07c2612e233929a218b8fbfc01ce31fe76eff5741cead49f3a04 |
| SHA512 | 11b74ebbee782a28e25a0a86879b8c278bfb063dd3a42a800122a04d44ad8d2d04a1be1f2be65fb6dda5a462830e3538a614e612924a36595791f41179ab6581 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f2f35529b3abff487d762629c2fc2a1e |
| SHA1 | 4751a14a854e90b977d90d556bb54a5ea406a1e2 |
| SHA256 | 406417a09bcde743a6903b6354cd57a45a165d29b343279527372368e5f9cc29 |
| SHA512 | 3c6340400c7773e7834f68046b7d065467f96faac735300c43418acabc390cfa53f666006c966a3103618d13be03141138c88fa43e1975aeccfe5a26a76fb9d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | acb38ab76071f75aad8cfbcdf2cf091c |
| SHA1 | 939cdf2538c50cc10ccb0d605c4c1e79bd282e2c |
| SHA256 | aae0dc1673de27145fc09782f1f1228b8e8ae23836c8636b5a7820ec656c1d23 |
| SHA512 | 6c4368c55dab0cb946a3ef7774cb000c19e06b62ae1581c0710dbb5cd7b323b80bdc691f6d85306ee138fb2ff7920d5df0f2427b5d3f859389203c87a5cf63e3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 02:53
Reported
2024-06-13 02:58
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a398677fca27b12d89b0a93d02e826b1_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5420 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4172 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5292 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5760 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4664 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ww1.go.mobilix.mobi | udp |
| US | 8.8.8.8:53 | ww1.go.mobilix.mobi | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| NL | 95.211.117.215:80 | ww1.go.mobilix.mobi | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.117.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
| NL | 23.62.61.97:443 | N/A | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
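The two Network tables above (behavioral1 and behavioral2) mix DNS queries, reverse (PTR) lookups, mDNS and actual outbound connections, and most rows are the browser's own background traffic. The following Python helper is an added example, not part of the sandbox report or its tooling: it parses rows in the report's table format, splits them by kind, and separates connections to a first-party browser/OS allow-list from the connections the page itself caused. The allow-list of suffixes and the embedded row sample (copied from the tables above and truncated) are constructed for the example; the suffix list is an assumption about what a triager would treat as browser background noise, not something the report states.

```python
"""Triage helper for the Network tables of a sandbox report.

Added example, not part of the report. It splits the rows into DNS
queries, reverse (PTR) lookups, mDNS and outbound connections, and
separates connections to an assumed browser/OS allow-list from the
connections attributable to the analysed page.
"""
from collections import defaultdict

# Constructed sample: rows copied from the behavioral1/behavioral2 Network
# tables above, truncated. Format: | country | ip:port | domain | proto |
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| NL | 95.211.117.215:80 | ww1.go.mobilix.mobi | tcp |
| US | 13.107.246.64:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# Assumption: domain suffixes treated as first-party browser/OS background
# traffic. Illustrative list for this example, not stated by the report.
BROWSER_BACKGROUND_SUFFIXES = (
    "microsoft.com", "bing.com", "s-microsoft.com",
    "azureedge.net", "nelreports.net",
)


def parse_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":  # skip header/junk
            continue
        country, dest, domain, proto = cells
        host, _, port = dest.rpartition(":")
        rows.append({
            "country": country, "ip": host, "port": int(port),
            "domain": None if domain == "N/A" else domain, "proto": proto,
        })
    return rows


def classify(row):
    """Label a row as dns_query, ptr_lookup, mdns or connection."""
    if row["proto"] == "udp" and row["port"] == 53:
        dom = row["domain"] or ""
        return "ptr_lookup" if dom.endswith(".in-addr.arpa") else "dns_query"
    if row["port"] == 5353:
        return "mdns"
    return "connection"


def is_background(domain):
    """True if the domain is on the assumed browser/OS allow-list."""
    if domain is None:
        return False
    return any(domain == s or domain.endswith("." + s)
               for s in BROWSER_BACKGROUND_SUFFIXES)


def triage(text):
    """Group rows into sorted buckets a triager can read at a glance."""
    summary = defaultdict(set)
    for row in parse_rows(text):
        kind = classify(row)
        if kind == "connection":
            bucket = ("background_connections" if is_background(row["domain"])
                      else "content_connections")
            # Connections with no resolved name are keyed by IP so they are
            # not silently dropped from the content bucket.
            summary[bucket].add((row["domain"] or row["ip"], row["ip"], row["port"]))
        elif kind == "dns_query":
            summary["queried_domains"].add(row["domain"])
        elif kind == "ptr_lookup":
            summary["ptr_lookups"].add(row["domain"])
        else:
            summary["other"].add((row["ip"], row["port"]))
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_ROWS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Run against the full tables, the content bucket is what matters for the verdict: the page-attributable connections are to sedoparking.com / img.sedoparking.com (a domain-parking service) and ww1.go.mobilix.mobi over plain HTTP, while everything on 443 to Microsoft hosts is the browser's own SmartScreen, Bing and telemetry traffic.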