Analysis Overview
SHA256
5ae801398ad3448699299d127156a1acc916bb79d2d6872ce25fea193ca11381
Threat Level: No (potentially) malicious behavior was detected
The file a4315154b4dca5e7a7400e7aa8fc9bdd_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:25
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win7-20240220-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421817" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005bbff01edee42e4b9697168c945400e400000000020000000000106600000001000020000000b2df57280e1326a91bf595c924bfaa014bb8b9a5ab9bf54e06372624676f2f61000000000e80000000020000200000009322c835d601d990334da1dc1fa98f22cd528b92d54e59e9d5ecf46eb78e378220000000074982c6628da23a839e042786fd8b0ac2d9ae23092e583aef9f62ede45e3421400000002517a02429fc002b6e40fb0ad850a1f253e8c041b50d022d3751a8842ffb363b04d828f473cadb6a8666907a1d20189689a410f10c7bfc198b384f2f55ad332d | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C69FC9E1-294D-11EF-A499-62A279F6AF31} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70c26f9b5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2868 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2868 wrote to memory of 2516 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4315154b4dca5e7a7400e7aa8fc9bdd_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | bc.geocities.yahoo.co.jp | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:25
Reported
2024-06-13 06:28
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4315154b4dca5e7a7400e7aa8fc9bdd_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4768 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5748 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5320 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network