Analysis Overview
SHA256: ca9308b096dac799bfead20da2a19cfb1354fb5d747045726cd356a3f2292e9c
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a434adf626007c1bc1f10d9c8b832780_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 06:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 06:29
Reported: 2024-06-13 06:32
Platform: win7-20240220-en
Max time kernel: 119s
Max time network: 129s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FD2E581-294E-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0480a275bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059d609311af4254298a1cda72ec4142c00000000020000000000106600000001000020000000d1652743935914cad8248845cb31f7b6511970128cf56981712774a896dcc46b000000000e80000000020000200000005ee4492c12918b5cd7cccbee76153c780912ffd353f1cc6ef2e24c8933e1a964200000007222775ef2962631979e5e61d516328461fa694f20d0d85fc3bcdc8538f82749400000001cd94beaeb5dc29fc9347d478262724a753ea03e228361cddbf15dcb58fce57af74a3f640f6aa500ccff84601ebe0d3f2a7a3b92055cb45fa08b0d15cd3ed549 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422047" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2464 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2464 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | naswierkowej.pl | udp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3C29.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3D0A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 553dc36508f93ba3f72b6635cb497fa0 |
| SHA1 | 222988fcafc722249534892bfac3aa24d9742409 |
| SHA256 | bff2d499b8a5e849949e74f7cd03529df805db59e127cc0cc9599fe2e0b98a23 |
| SHA512 | 19c653d4ea029415dff1106dd5454c7da67c16785bec1441d3528bd12519ed43f8d82a50ca11a5a4a05bd5d50a9dec6c249337a724a5ac8896dbcbcc7d3527ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7fd4bdd6d939ef42bf46123e163d7da3 |
| SHA1 | 166ab248a5f50a519da1b5168f1641762105dbc8 |
| SHA256 | d38ba552654c329311cfd077fa046e7369f025a8be63345924f5adbfed413e60 |
| SHA512 | 8ef545040b5ccbcba98a30208b725f81662b7a02473e25419273f6694776771107718bdc65d7353d5d0a0d4c40775dd580fd34bdcea9a6b70bd6b279e73b1eed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a8ad9be90d0aae6ae324a3750f625e6 |
| SHA1 | 66dc5f16e74b446ca9de9d7cce3f87757bcb8538 |
| SHA256 | 9fdc49887689b6cdbdf431746180facb25521683ac3588cd3a08deefc1ce5b0f |
| SHA512 | 47f952bdde772fafe37cf412fadc417745879f4eeb6db0e4498cb5a4940ba1e10e1291fc9f242a140ecde0e32e7d65594a185091d42490046ea45a6ba126fb9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85be1f8212ac0dbde8eb4ef9219cbd2d |
| SHA1 | cdd720f447b5ad552f5ec393636705af8de52d91 |
| SHA256 | e923170916ba5a7c10ced12da3618b3337b5715cf39d88c35f28375703fe34da |
| SHA512 | cf2a204b91c118a19328809379211572de51a4e0f57c108dffa6f5a4757f506626b55d6a95bb029ea660cb4d633d4d43f324fece9a0dfc54577d45df0b305190 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f1d2bd0bbe95d32bb36570376c409e3 |
| SHA1 | e2612c703ef02bd4ddd0cc0daf52c259b8c9d18c |
| SHA256 | 8fc9fcfa95a9543729226fa2b46a2e4beecc61751e0b863a75b6484bc9ca9cd6 |
| SHA512 | f5b900d152cfec073e72797c47c515e420989a6c12d018fcaca1cd4b5b786276e6d77f6e35ab4bcef641670bc89b8e9c6f7c4ea39d508b4f4aaaafd7487904bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c93019b18871f498a67309eb4e24bb74 |
| SHA1 | aaf1bcffddd8334c4147f2ae089f509d1aa5202f |
| SHA256 | d478db4823f1ef68ceb589957ec536875aad284af290c3681266e6c6ae104ccf |
| SHA512 | fb712397230bfa5d3bd267cde5723be1adfaa4d3965ba78d60a5330561e0eb3108ef1f356dd4c462d1b29f4e2daea9509d9ed3576c2817b78dd3faca01e664c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f46fbc440e3aa56d84b8dd6be6e622d1 |
| SHA1 | 290a258f6a04dec765585289f39c6f8d751ddb1d |
| SHA256 | 9198cf008f40584bcc6f3c043cf0e0a10b83ab71d2821036be5236011ed0b0a3 |
| SHA512 | 274c492ed6559486d10fba66cee70ba47af6e2f450f878758ebeb1545f7d368c9fa3e454d29cc3d9de3ed02f36f23c4bd0ab221632bb3eac936ea067f9c61745 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4aba396b0421b77eae9011ef0f672d23 |
| SHA1 | a37f523f7289f541473d1ca8ed5c2089fead5fb1 |
| SHA256 | 73b0a5eaf568c22136e5d15fd99d03d8f7dd5759fc797b30bfc6a563ea9cf888 |
| SHA512 | 5c977502650e8696d3560dfd0475dc2f3ba53c917c4c2398daa3f87b550c6518d2011271127c644c7596b81441406a9cf74fa02af15f6dea8a6b05b92330a811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c3ecc14983a21f7281dfd367eb895cfe |
| SHA1 | c63c1480d55f4315dce68f8348fd1122bcc361bd |
| SHA256 | 52ab32a7c8acbdeca45c15253b330b4af3132ddef9f16bf82ca6ac7a41b6f6a5 |
| SHA512 | b05cb3d9b05439541dd16de43d5a6cbdee61d7c7ccc408e42264e2f9933f88aa12741a24744a00789b80849d3b5f5b1a12c8d9ad0cfbdc53efd2163719288686 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4d4d479d21849feeca1b4cc5c894e41c |
| SHA1 | f355e1f912139dca14e177f272bc74b588757bf6 |
| SHA256 | e2d938d063690dd4e60cddd829255dc0422a21b7e3c270e394a4a082d1704b65 |
| SHA512 | 5d5895c3846a0091cb7b9730325d0a6f70a11e3135cf6a88c19ed8b2ca1ec468aea0da1bb48ebd2737220c7e19abf7be7f63261e4bf0d0065ab7a4d70dfb4973 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 923b502c6d730529c1949fff1b7807fc |
| SHA1 | 98ff4a92bc1aa12e2f55d3026f133adc8a4a391e |
| SHA256 | c006e7f0ed0c85af14b8080d743ce821ac0b8a91d7a9702e3cf4b0a01a93e3f4 |
| SHA512 | f7d2f93b27f0d9ad2eeaa7d5819321258770b74e5bb35b2e67d032b2b3035f5b4d381ce84e517395cd5ec43969b58fae25bb799d48d2320de22d7eeee2e1dac0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c512e8949bdad6ba73261f0e840e1aa0 |
| SHA1 | 3092cc912480b584b53318af142471d3671265e2 |
| SHA256 | 19cb94839b54a84e45d95ccf7582aef4f754c05428c577f62266eaa9f67fc2ea |
| SHA512 | 60244d3453821f42ceaa7963c72aad1b17d56fa6c9a2e8f930318e36a3a0bb51e9383bfaba1ffb15071e7da1ca63902118acb5864a59e7bce941a4372a4e1eff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e874b2a96eb16ad904cde9291a08be7e |
| SHA1 | da909dc60c68132de05671282c40d575b315cf76 |
| SHA256 | 331d2a052ae11ecba04480b73008c98e59fbb5f3a6678274ce97a1bdc5aea3a3 |
| SHA512 | 5a573dde4248be49898c426e40afab3907517599c7837fd78434b09f505ddaf0249eb6816d4016fe800e8c55cba9be31eee17312746f683fa67b51bfa9fb15dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c2dae7ce85dbe3c5d951259efeedee9 |
| SHA1 | cc9491f22149181ccd93dd9747255f21ab716c62 |
| SHA256 | dce8f61ecc6169544bfe2dcdb7605a5855097514a00434f0cbbf642b610debb7 |
| SHA512 | 545b0a802a92534076f21a5f0cc1ed1ecf1b5e6e45cb2e3d239d3c0fc8e859029d3aebbd8ff4e4f1d8ee92546f79da0b591c08991e709de9afedd265bef636b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a50cf663a28d59c004ce51c5806833c0 |
| SHA1 | ade3832d3a7653bf51fc107a724a312359fe7324 |
| SHA256 | 8606264f3e416f73ac1d9f2ca9791c8feed565ff55f86ea00f41bd9e015a10bb |
| SHA512 | b35e2da5e397a59af998865d3ca20c7e495aa92beaceacd8ee35add05d972c0146f0b24905a47c326637e80138ec74f974cf7074f072755810ce8fc2a2fd492c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 448c670f79121e53e06e2e397e87b988 |
| SHA1 | d79f3f5b0cfda4174c60ec4b55f9f26fb28bc8ef |
| SHA256 | 925db97992ee30ae2a0776d694911545fbd096aa96a026f404625c813ab40803 |
| SHA512 | 4a3a11514b4e51456bdf373b3a700809f6412041ae2a21e7a4f6712b24d3e874ffaf88cf056c9e2b5a9dc7c0161a0ca86a7a27675b025a7a98d753a11f37803a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a734b551d426082c6f0645208a8175b9 |
| SHA1 | 73093d0ee76367037a6cf96d2a6384d7f0c36932 |
| SHA256 | 6ddb6203c526eff7a4e6eab69c4b8b0cb10272876d99696da69e9d65f839bd67 |
| SHA512 | c335773097be8416d8d46a0d0218b2be3748ae6fa59156af3d2e1b401a01b20efcf952fc97a718508e676f7ce7902570769b52e79a5ed2881516b93d5019b5ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e96ad95de6ca4b02b4d7bb007c7ee9bc |
| SHA1 | d7121e24a9cc75be3334dd60851a1a7248fb88aa |
| SHA256 | 3f41479b5c79e192e895cc84041cc12639781050d88b130d7096913959605718 |
| SHA512 | b39bb2f25a57887e19fccadbcc6a4cdbc94c94c139a880d3d7d4e2cc3c9fa45b6088b84350b8d4cfd73972c3d85427062b50c639f50842c5c389e7af26a8b9ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84cd18c7dae24741bfa2b40b49b72430 |
| SHA1 | 0b0289ae05a2fa1736d93905188f9c2d9c31d225 |
| SHA256 | 883dedb4178777d23cd988a7754726dcf325693fb4b31c3b55d0173fd2d62450 |
| SHA512 | 0c2241a5fecd199a116d2fd97b9f895a111b5795866c077cafe1784156813ba1aedf61440c50ddb631412c2573d0a352d7247688491f143a5cda46cd03cce1d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23d7edd138ce8831a69390b2a4ff7429 |
| SHA1 | dc184a8171441faec4a3962f69402bcbb12cdcc1 |
| SHA256 | 20c6872f84a839f5dc6e91f42279d87f2fa25591f5eb9cf5e79fbadeb46c4b60 |
| SHA512 | 8c7097bdcd7fad00a3437f1480c9a5b99f07f65f6bf2a7ee61a2d65d2736fa5240db9bac576e9613bcb950de51663bbba2c54b4d939744dbeecf8bd2990765e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 577c1ac78a19c51c76a3765aadee43c9 |
| SHA1 | e65d37ae95870b05d8ad9141cb7067b83e081eba |
| SHA256 | dfb08282d2d0550eca0accf5cd8672d6a0f18dfc4c43c1e2ce1c62a601a33cc2 |
| SHA512 | 3e1a1bc93a9becacb9ec81c033f8c8530b43b5a7e691a87c02d3531672c01edab15b2a9cc9d2c6557a8559fcadc116d3ad5d7e28560a2d8e4fc3db19ed0fc630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba30c0cfdf4049097d01154d9b99037c |
| SHA1 | 699372750433b92145cebc318ec45dfbf28113c2 |
| SHA256 | e4e6aa0f38cd8919af89bc52cf340a6d403442d1bfe4fafae0c221497ee95f9b |
| SHA512 | 4745071836370d9647b976daf4fb3acf8dc5045fdf39bbcae0364cc9089144c8ae1fe34304b38255cc13795198eaf814ebc77b9d6e23a5f9628de45275125b76 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 06:29
Reported: 2024-06-13 06:32
Platform: win10v2004-20240226-en
Max time kernel: 143s
Max time network: 152s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4972 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4672 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5536 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5540 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | naswierkowej.pl | udp |
| US | 8.8.8.8:53 | naswierkowej.pl | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | naswierkowej.pl | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 2.18.121.23:443 | bzib.nelreports.net | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.180.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| NL | 23.62.61.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 121.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.154:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.173.189.20.in-addr.arpa | udp |