Analysis Overview
SHA256
f1c33c7cd370a9f85273877a4e8b9280c5935a752955ea81dbeda38fc99db570
Threat Level: Likely benign
The file a3cad107b6f46960ee4a4393abcf38b3_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Detected phishing page
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-13 04:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 04:14
Reported
2024-06-13 04:16
Platform
win7-20240611-en
Max time kernel
118s
Max time network
134s
Command Line
Signatures
Detected phishing page
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a085493b48bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{62E104D1-293B-11EF-AB87-5E4DB530A215} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f55b1b403b5dbc6b70039e4f59ad22906954a14d7f259b78ba1f9d6724399e41000000000e8000000002000020000000cc312c51efabbaaf2b1951e529148940c7520ea199ed5726b9f4fa34d8d58c1b90000000319649867899a873bc820be735f20740a97e1b37089455af7000a2ea4354a39f70989022d3e1aa4ff1869d31d93ca4e5009a2b5778eb280dace551095c7137a59a1214f81ee43d583ffce61c34c6ff17825d935eb6c08897b02197416f008f522d4287413810445d5ad77eb10303688cb3aaa0da3f48a31703abe9ec41d4546e8490e5de0c3afcb46d3c617be5c5c432400000009c8b80eedef1acfd2d3fbedfc80118b93ca799bc88a629dc7c88994d72b28462cc1e62e516040871430361aeb29fcd6822785eda1e1c4c4d47a8af66e1b9d4a6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424413921" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000dd320b4032c8d1dea9d87049c421424d4a514e725a345b5758e78c770b23895b000000000e8000000002000020000000b23d6b458ff6d9b95969c8d01d15396fc9a797d664625bcdbac20547678b3c56200000008feaf7a8f155296cecf913e42bab311cf88d0583934b385da0177c3ca8ebc794400000008c23c127f120e7c2ea5264f21a3cf59b3b8193e144b15bc24c61cb16bc49845a1817923605db9c30aebac11cfd634fcb1501959ebd526a87ec25321f9343044d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2764 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2764 wrote to memory of 2588 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3cad107b6f46960ee4a4393abcf38b3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 04:14
Reported
2024-06-13 04:16
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
139s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3cad107b6f46960ee4a4393abcf38b3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4016,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1432,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5332,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5476,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5500,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5336,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7096,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5876,i,7869973516895866428,11647313872437892197,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
Network