Analysis Overview
SHA256
2bfa88982d590d2ad1710cf6aa7c294b891968732b6cf89602ef7605753a6f9b
Threat Level: No (potentially) malicious behavior was detected
Verdict for a42fb3a29c123a09966f33af70a482de_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:26
Platform
win7-20240221-en
Max time kernel
117s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0032f645abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CE59EF1-294D-11EF-9F86-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421720" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c7ae05198344c64b969915e4a8008f3b00000000020000000000106600000001000020000000872df065f96c8eeee3c0746c63f14d7258f43605902907187c88e463094c10e1000000000e80000000020000200000000bc2b53ed654508486f94da1fee57a938efe6d05c75901de09dc96b78f874e59200000000da229a797e15fbd313ce28bb91fbc9ec967ba5a44c88836018658693ba01d0d40000000bbd07abebf856c94ef00a83780fd9cfb908c3c33d0404cb37d7b0b116be8e84400d5b1300b480ba9c2a2ab919a76dc313e3481d0f3f557d49fe081caa9ca8a23 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a42fb3a29c123a09966f33af70a482de_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.belitudungonline.com | udp |
| US | 8.8.8.8:53 | oddstrick.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:24
Reported
2024-06-13 06:26
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a42fb3a29c123a09966f33af70a482de_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3964,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5280,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5648,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6056,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4040,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8
Network