Analysis Overview
SHA256
03904e2219e52bd3981c8291143f073f4673306d4abe315011598f1764840e4c
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a432edee8255d1060349ff50cfc121bf_JaffaCakes118.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:27
Reported
2024-06-13 06:30
Platform
win7-20240611-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421953" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1646B031-294E-11EF-B98D-FE0070C7CB2B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000000b63b4d6212eee16e243c1e2013225662b7263c5458372c26dda680ed00df71000000000e800000000200002000000053850b015a7fe9474dbe2f85764b6029a7daa79a3a0dcf3471e798ca3d25eb8a200000001ec9aa195c1037cb4cd10c9a4c3a095de72d7d58b1e22f5757f2f73adf55b04540000000c8b491e1e188b62e5f3f6a30edf2e2e607b51b3b51937d58b83e0ccf638c3f582d4e4be44d1e1bb01651d3d057c6f50dbab7a9e734652df40492a4498a4da478 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 103c90ed5abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 1776 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1776 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1776 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1776 wrote to memory of 2088 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a432edee8255d1060349ff50cfc121bf_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab58BA.tmp
C:\Users\Admin\AppData\Local\Temp\Tar58CE.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:27
Reported
2024-06-13 06:30
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a432edee8255d1060349ff50cfc121bf_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1388,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3760,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4088,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5300,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5344,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5896,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5740,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |