Analysis Overview
SHA256
a02f64425c2d6544e099ce054a23a2f01a7c53ac3b642a03885f3207f318edf7
Threat Level: No (potentially) malicious behavior was detected
The file a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 05:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 05:02
Reported
2024-06-13 05:04
Platform
win7-20240611-en
Max time kernel
142s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424416814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{200E6791-2942-11EF-A1F0-7EE57A38E3C7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80fa92f54ebdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fac12d70b324d04f1802eaf7661d7ad87631c0b4f646efacbbc3d3207d1c104b000000000e8000000002000020000000357d611cd28da7111e40676510db49c0872c4a2479fa65f5eeeebb86a3e467a020000000459667bf805810b948ba7c4594aff1d0190a26ef466f0d08afaa4e2b84645fac400000007d1371513aaec10cec243f5c1e295548a7ef06178f9baf3ee0c97dc9569bd42c4f0106494877618e9ed2e97f1071bdda9dd4c50003f7e3dd2ccfeea8cbd04ec4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3008 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3008 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3008 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3008 wrote to memory of 2780 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab915A.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar9209.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f538b7d82a86048fc666ffb8ad9fd9fb |
| SHA1 | dda24510941ad9c11b75b13a2e6f6a4eae4dc367 |
| SHA256 | 21b69acc7e534630f481316838cb2c143decb236a021207ee431b1edcae45b9c |
| SHA512 | 899d767016891fc902d6e5089ffc400473e450cd2d597931ae48fa5806c1dab4ff87882ac7c78a292021020e3811c377df625bff0868f5b80035a1bfc68c7cc4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0301187eff163ab83bf4319ba54d80cf |
| SHA1 | c7028e8564b3bdc4ad937f2afeeda34fd27f5b17 |
| SHA256 | daab1b681b8f993c559ced24aec2e817d13a908143f100ed991d29d678df39c0 |
| SHA512 | c6c649298e67d13622c518c8abbbf5e9f62c9f69e406ae3607170771d8f002f410d48633e9fe621588fa595303eae85f29362132eabcaa5c0f263d4de26e7824 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d0d85cbc249f285b1f7b67ea36e1bff |
| SHA1 | fb137f4de9a79a490d29abf45213b16456f3203d |
| SHA256 | de443d31d8849e7233533afa7b55fbc3639f0684bf96800914cb955a4a122b17 |
| SHA512 | ebf9ee73c672c9e12ad0c8b9c36117eea3ab290716477cbd1c8fe22f117943770b011ad2d1d2e7efbbb46fab347bdebe4baa83431b6399bf6a3fb5d14780db1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9a207ff7d3a0837d1df215f07091bfd9 |
| SHA1 | 9c71d1dcab4aa140a8f5ca702723fb99d9139794 |
| SHA256 | f3128eba0486de49ce119130f5d76de81dc3170a823007fe6e64cc2544c334f1 |
| SHA512 | 3ae9bab9395daf23f7e4104e18958212ca86825cc3341bdd4e778d0bef2a711a024ea3f3918c945d294ab6b40127d60acb4f936d8c37104e5ce4186822fc4cb8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a30a48485193b6b3715ae7a070aab009 |
| SHA1 | f564a4f63cd440bc9c987f3d708a6d66d55cf14b |
| SHA256 | b70c39fa80e952de879763401ffeea0dc41467c5a3b9ee33f5f83a7ed7f0acad |
| SHA512 | 547f0dfd7ad2a0bd94403d156a55c4e628a74d9678a059c122e00afb9b3d2bad7e817532ae01f8a17c023121dfe25b4da41bb175f510ec1366c52abbcac6a61d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 54bd579c3c211ab9c83f8692757babba |
| SHA1 | 0db606b3be98f449bfea3da9c28649ad02cb61bd |
| SHA256 | 2a7c92981c42edd28006ce27a4ea91798d089240d36502edcc2fad3a16187932 |
| SHA512 | e86daccc3c24f23c3858b418f25f64b94938f83668cb29b635aa34fefc3283b2de22b4378088fd4b03a4a487e5241c0aa22b725765cc186a6f67098e5a1ad693 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0772ea3763386397d1c62471bf524e0a |
| SHA1 | 47a153283f3fe03fb9d04561fb146ed52efe8f7d |
| SHA256 | 53cc6214ec04f562035d8d955961221e4462e95d71ff9ffba2a8b48170efbf94 |
| SHA512 | 2961204f6f6f5c342a8f8390d3f46fd68ca2584b3e432135356ec8c5bd25ab61c9b8ed819e32fea7949126b4f71cd7e6e93c17129f0dca6b58003b14acf7409f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7eb1b092aaab856e1527676139832760 |
| SHA1 | 101665f7bc07c1d84f4039286599cb000e731c0d |
| SHA256 | 53cd53eb12c9363d6a78f3445d1ad546525b70a8414901b2d0a17c450650d010 |
| SHA512 | 2de35910b66517e4874a5cae94b3f8f278897e91e54764a74fe9c496877cf30db884f0cb368beaa96a7fec8c6677cdaec36c0b5757c4915c52fb0f3ab5d27326 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0d3cae3453ae48b2d913696fd97f851 |
| SHA1 | ec816eb49e00c1518e91bca170c1218547edecef |
| SHA256 | bcd11a159599073a2a82696ba8e1df8f5f7026e06745081b1cdf263755d157d5 |
| SHA512 | 0e9338d31da0404989983f32646e2ded3dc1eca191510b98e012ad1bc41e9efb6411b6085e7aac569aba27ff81214956f79739618466af89b611487b22713327 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1ab020f396b350d2b8c0940b932792 |
| SHA1 | bdb7bdf5f64e58b552968386556b3704f41c2164 |
| SHA256 | f41d8c67a2287bb024b435b3b688f3f09f0bab648d667440670fcc4ca0929cbe |
| SHA512 | bc0a43e671b136bd535274917563d485e0c07f22433e3021fd2645c46956c97f68f6220a1313ddd7763a8e36b69b481f7894c4b4114592f96fc84878bf303054 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d3577c8eee62415e3296df55e9a30b0e |
| SHA1 | cb8b27e2683a5e0b61f08dd26e714d20a58db024 |
| SHA256 | 50be1b7201f7a46208b24e2d2a0c64e751dba25641ef0c6a0ff943f8499e9e46 |
| SHA512 | 05eed972e530a85e08847f09d872939232f41ca07441f9e823b503cdfb7c924a8cffa6414e7d4c21f4cacb963e334f35219cf1b298c3c2281627e7840b70d4f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1353ac128a00672dbf84025335aeafe3 |
| SHA1 | 86e82fd79842f25fb7ec76435e5e8398a97763d9 |
| SHA256 | 0ab8a34f3b653a3dedc5b6596cdb2799424b17a0695e83df1317a72cfeccf040 |
| SHA512 | 703794ecd67631ab50d1fadb797fa10f9d63d7d63e2d176444b24a0fa200b2ffac6978868e868bcfcd6ae644e945b52c5d57de1faad4ba81395651382aacc1bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 792611f1fa95c8566065cd0293c769c9 |
| SHA1 | d5046c475737af6b316525b9ad167b7886d710a6 |
| SHA256 | ec114125ab29f1684022b2f35c34ca7cb7c8c297405496c6ca6ae801ddf8d923 |
| SHA512 | 4f03525882c156a6ffdb9b9275bdbf84d262a32643b30ac2518a0579789837218ee9c98838826251505890b4fb92d2017a8a4a879236431f169a5efb324e13e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 077f20cf3f4d6d8dc80b67f3455cd156 |
| SHA1 | bbc43d33351314ebb3bbd99654d3bae32a3cc02b |
| SHA256 | 0fea5e971818874dc823949a35a82e1e5a7c75813fcd4c94520192ff02ac42f6 |
| SHA512 | 9ca84caea54974b0fc9e2a78ba6e7b92ab180809bb2996021ede21b37891ed4b18bf3bf894cc2d3a43986c915fab36d9c26aab5e3efbd0a0386cc139d93e08ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30557871e8a14e486ff62369a857191e |
| SHA1 | 69e069d4349f79cd2c4aa6bac65e8a34608d2508 |
| SHA256 | 1568879796852edaa65c364bc9e8529b2000c6ab510cd11ca036150e7302a97f |
| SHA512 | 6dfa75093118a2d4f56c8e8edb4ea7d660f528e10dcb6c0b52b3389b38cacd1caaf61829249830f8d0a13c5a42bfff224fd31b314a43bf0eac22a2c9e3457559 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72e4dec110ba91abaf083b9910ef82be |
| SHA1 | dfc1daad1f2b28ce336246c8c34ca249642862e8 |
| SHA256 | 9085d5d019aaee53fd8b9b37c9fcba7a641c39d2aef091ea615d26b2e8221285 |
| SHA512 | 067152a7d33ee0ae6f42a6c0a361f6630a69514e057e4db7a5828e085eb787c7e3460bbdcf7e70489d82345afc7f9dc1074d0bad839539c7254ca5eb3987e052 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 140aa4fd47dd0277e9971f6c8bdd8893 |
| SHA1 | 13e0c3f1844b1b2fe8f3dbb3a8897d00d84c6271 |
| SHA256 | 8d11d43c2887e2bc9e2ff3d296306e2c9d7fc3d5810ca6f09ae916f6a2c7f2b5 |
| SHA512 | dc676b9d53e1cba664840d0fc2371d9a3fa3c8eb79357927b1449618e70cdc2296955013bc2f29474c0ecdc65d4cbb9520e624452749fb84b8515eb88bfe8a88 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e19d2db677afea3c6443a7ea3e9e3dfd |
| SHA1 | 14228c6f802915d95cf5e7c5187c6296e170e9c6 |
| SHA256 | 0ed1a82db28f0ae48b658995a25b145b07211aa28378b1b02f608bdaf1ad84ab |
| SHA512 | 8ca979fdbf6048f2892e9d108851c6dd67b8fbd7279e23dbac0548affec20c2fc77811546c40ea79d2f70155adf955291cdf2234572d0612043d4e98a8bd0788 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21d78109827e3e1d498918c813af3d1c |
| SHA1 | 11963fa4eb0b38a605a25ae5fe452459bbb68f34 |
| SHA256 | bbec952b120990e4ee5978fff8fa23421d7a74d1265388876ca3b075bad4b73b |
| SHA512 | 6ffcb5a4c6411ad850c619ad0dbabb6dc57ca3f25037a61c5a073e7750fe9fa0d144ee04e513310e8787396abe5b58fa0ffe6c73e0ee39f9ce11e89ae81ad77a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 05:02
Reported
2024-06-13 05:04
Platform
win10v2004-20240611-en
Max time kernel
129s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e7569fc65e69767fb14de5aa1d87de_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=764,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=2704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5412,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5444,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1032,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5684,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1316,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | ww1.loading.shabimedia.com | udp |
| US | 8.8.8.8:53 | ww1.loading.shabimedia.com | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 8.8.8.8:53 | ww1.loading.shabimedia.com | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |