Analysis Overview
SHA256
38dd83dbc0829eb5a5b387f7cba7a676da73bdf44371d0340237c115b029dcb0
Threat Level: No (potentially) malicious behavior was detected
The file a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:17
Reported
2024-06-13 06:20
Platform
win7-20240611-en
Max time kernel
119s
Max time network
130s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not preserved in report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000093ed2e9d08c31a2d6a2fe9b94ce0746f123420f7cf3b738130b37561cf7fc4e3000000000e8000000002000020000000ed0395926ae8de57e4818887ba2fdef69063f2f63cc5537be82499e611aa202620000000ae115382bf5162e9582b526cc66ef692d814d91c3307cb754fad05b151b4726b400000004a3a2c5f02a2358b2e3ebf7cc1e4f9f42fd8ada19cb6d5c14f1255ee7554d656988bc3c8e3d55668b0eb926e3de2b9a129c018b615c1fa9d25773645c881e42f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ADECCF71-294C-11EF-BA09-6ACBDECABE1A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c5988259bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421346" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2160 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2236 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2BD4.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38154364b65afeddc39d1e1ab00158c0 |
| SHA1 | 0de3f6014d2545d5b021ee5a85d0dbeae19b5c2a |
| SHA256 | 524b399bf44a02ef247262a96f09a4fb2e356c8a3e0935e7428f1c4498b2bab4 |
| SHA512 | 099e4c220ea5397262f129e798826b7009cf60b8cbaddf158e467c0ad6a55fbe4541549e58a5d6d7256cbb9f0dcab94c9bf019eaac1394b9390da4ce8d0963dd |
C:\Users\Admin\AppData\Local\Temp\Tar2C77.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fc316c2ddc16b8082a81d828bb74377 |
| SHA1 | e27bacfb1d01d1cbbbd568b4835cc10d0afe36a6 |
| SHA256 | f517b299daaa7c9cdb899773e33e58e07c4d0af03e8123d14bd2f8847d7289c2 |
| SHA512 | fefbd67fc317417a906ccbe6e92707cb4cc0fb84a12feb144064d1961d6c6b34527575b46e6ae057af1b023c140f164c2262e1b4ec172ca81ddac9237789ff93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58a47efebcd83bfceed7602e7508e826 |
| SHA1 | cd5776126711f847fb62818f3e46f9cb0d5b1524 |
| SHA256 | 99c00b58122e67f513e40fac7b46cc8661c60763701881ceebdf3a8fc05150f1 |
| SHA512 | fb9cd4fdfb5fabad6c7ed8ded628d2d0f11fd6675ec1ee18c107ad6d2414715fb15de952bd23a8284528c2b252e42499415368428984d1a8d9c962f0a9b2f429 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f992041ed7b3f4ccdf1f2b1279ea6077 |
| SHA1 | 4b8bfaae0ec6fe561af00499e4f7fc2515035404 |
| SHA256 | a801e5283420d453288311c24c55f4da736a491fce2ce6937331d082b8b2ce0f |
| SHA512 | b443c555410c261b384ac3f06666a5dd534eecee90c1b411f8b17bff3145b9e208493c6401dc4a645c91473d152ec32a1fc408e475171594cc941c66dce6b05c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bfd2c95ba42b34f7b96c0e1ca8e122c |
| SHA1 | b10dcb71f799d6019046ce9bc7226061b2fb9ca8 |
| SHA256 | 202351ff991498b74e5736636b8b7e0a24c1dbc11d4c8c81c0ed5e7d99a3c58b |
| SHA512 | 84a489dd7147afd33b808c5cf1ba9e83665abd2ffd6182f039984f8abe9fd51391775d51025c85a1bf0ad01a24436f2510b78a2f5111d5b320831548f3cf4418 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 204be03311a233691f6f78f9ad1c5450 |
| SHA1 | d244a5b4cf9258713d59e75efd328f21a8bdf5fb |
| SHA256 | 1f95585e88c6287d84ac6f02990cd5e477a62f36bfeea9db259bb7a499125206 |
| SHA512 | aa8cd7d2c10262ff8c171e7bff42fb6bfce95c7578e98b56d5927de4ab75afb339e19e01400b7e10e1064011068d65af156db483b16ee20c23d39a6759cb51f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e4f96b1810c14dad731898f0ec199a06 |
| SHA1 | f7a019e2d1547804bd8e600bb817166e92c47953 |
| SHA256 | 5197ab1727eefa362cc2d3ad8d13edb854b582fd0beb7e48aa884a5c551a5df9 |
| SHA512 | 59148250cdd3c7c003ad7b4ca9202f9624e6d8c1f3621226ad87bdda21afe98e56036c207a2deffba829940a5bfca2966b4adacadae98ac5678e163b77f93b6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81b35bcd95cbcd9d2d6ef8fd7961ee61 |
| SHA1 | 3b7851e9240920d19d15e09ab93de1da4c0e463e |
| SHA256 | 6898a136f92b5930160f44aa5f83cf412cb15148d5659c822f089d605a87e6be |
| SHA512 | 81ea281adde489daf3bbc5da65b4dbbb6d6c4c61882dd21f78c9acc48d487b2ff3b07dfa9f3ec1c3b23906689cfd67f019e56d09beea6bbe63634b0506b099f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e704fd00b4d8234005257ee163d8a67 |
| SHA1 | e307e2691d86ba3bf7bb7723d896ac7afcc39ae6 |
| SHA256 | aab65620ad02a1081dc30c827f9569df12b25f1d53f86706d81b326cbe9361a8 |
| SHA512 | 84d1018fdfcbdb457e46c88b7349aa9d1279095f1b95e0ea4641204acd802993b35f09b8ac0dad18de0da410a2ba6be5fa9c7db362c7c501b073d12b77764767 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2937e8c1694484fa06372bf7570c76fd |
| SHA1 | 752dff3b7e425588db6caf1d262e718c9ba502ee |
| SHA256 | a7d1ae984aceb3286d0e29c794a1fe6e078bfabf811abbaae387804aaf2fd0a3 |
| SHA512 | caa20c9880e5e09181ad22e75bc785f9a525ed26c2adef06486b939220ad2dc8b37cbc16bc59479def302c3ab1dcab6118b1bc11b2c6a089b9ee02839099a979 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 022dc8f3068ed1db49e470e30ab250c2 |
| SHA1 | ddd1f19b585ecb9583416cb2d33b61665a21315e |
| SHA256 | 723ee2a8151b64c970611b3a7da1f05c5112e4f54573bf30f8508076111e28ff |
| SHA512 | 56ca051c6d6546318c47780303d75b21b03c8cafb63ddcddd0ba277349f4ff07599008c4a7d10d43c0f45e3f55a2b352db35a1642b83f179f34c7b4e0ff99e59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da4b51c821b9b64e87affc78585f1ee3 |
| SHA1 | 2e14f36b2b37473f2d36a29563cf81c79556ea88 |
| SHA256 | 3ff1b218b4770aa1fbf4370c6b539eeac2b8dc17130ff50f15a2cf16069cdfe1 |
| SHA512 | 119a5f82fe09e9155d9ce92b981f655a8b689823109113772ab32efbeadd790d5df9ecdd27e83f038fbe3443661c7ac659c80cb484d24c5799390f85068da691 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b22935c13b30dcdb3338d5be8a13484 |
| SHA1 | 8deccff6fd1fa9386ae8c43f6f9f6b80bc57f5c6 |
| SHA256 | e60587f60f73256cdeefb860b3d84a2592c8ed29b2151f8ce95ec6e79541a4cc |
| SHA512 | ec104c1bac830e4200ab712fc3414945d196bfe94808e0aa4dc7dca1cd6ab6af053c21fa051a76cd554c859271dcf4a0e6d9d2b1279b742b0fcdc6d91828b0bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe076be0271937cac8780a63e819ef19 |
| SHA1 | c9c4331f364d88a78f4a7a005bedca127a6075f7 |
| SHA256 | dea473e66015ae96976fa6805f67fcbb03c8120b588372634158e2b77e137c7d |
| SHA512 | 9307519fda43cf81040bf6a1ff673907e86665724fd5d885f68da4607e86e0c39ecfd1ef71dc8d0e6e5a2841b967530cea00305e41b0b4a36dae4bdc91df097b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48a201521871680c66884b0b181f974a |
| SHA1 | 59f151cd6b97c6c8bbae57928b68f91b4afd6145 |
| SHA256 | 76396a1f9cd128c33222289135fc4ff8292691a4a61f9358fc510f2769641608 |
| SHA512 | ed1d10b1ff3c5af00ee38a141599919dd6b7af8b969af6b2aafeba8dc711b5102c8553a89e86561da1e76f75b81519b70b9d0a181f843f3a891edf50bdd0109c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 716fcf1194f92019da9f8b3de8e1d2e0 |
| SHA1 | cdb291cc012e1f51d1e7f54dccd59f9351adccca |
| SHA256 | 8a1bfdce9af1e0a1e77b0551e958db2aa0215280434f61729bcf093e604fcc2e |
| SHA512 | 617078f6533004b553c48057903d4d0bdd77c5693cd7b6c01a643c22bbd61af4ca06f38bedc812ef4336c3b9b5ee8ad24b81c696ed27a55265bc39f6c12b15f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abda0a5e14abae3cb82a38ea550373a9 |
| SHA1 | bc2078701337f73397a6fa6746df7710569653f0 |
| SHA256 | 19f865bb4ab5932c352105c1f1c4896ce5def117a48b9bfa7c9e5ea24268f883 |
| SHA512 | ef0d43e15f3cbc1844cece3690608d7f416e92ad36c256e99e8febd64d467c3574aaaa945edad1db7166bc6de21045b1aec6bb1601203b759aa5018ebdc03400 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c77ca244366baa5d54e0701c0e88c7de |
| SHA1 | 238643d4b7e43d70267cbc13699b59e79438a517 |
| SHA256 | 314c72b367b83b1fde78fe4cae6ba48dce9a9fb7e3305c5598c408270a615c28 |
| SHA512 | c9441e85d4596c46d8d0082a2f25d061e825f27a0a23c19ebfc658bb6d06fc8f6002d44cd4d6d6cf41840b322567c5681e8c82d115c9ccb3463258fcfefe81cd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:17
Reported
2024-06-13 06:20
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a429f6e259eaa447634cdac8ae9d1bc0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4860 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4912 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5956 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6116 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | naizamdistributor.com | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 13.89.179.12:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.179.89.13.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.204.74:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.197.79.40.in-addr.arpa | udp |