Analysis Overview
SHA256
d5dfa89ec0be5a575a1468b8045fb20e41e8a5fc6e6de0be6cb4891cccb86afd
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:31
Platform
win7-20240611-en
Max time kernel
134s
Max time network
135s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007eda3383ff712fe84f61b1152a8f3e83b1f07ebdda133376fe546b3bf8b68506000000000e800000000200002000000054b8ad8eacf763b46d2655338b164ce25e376e4c082d755452c9a7e27e8dbfef20000000e5c8d4b409adce40d4f891ee1efec0f5899f5e4b593082a23805e534732472e440000000463c65e0ef8a0e202a61d54b2afb8ef14fecd84cb58b5286310208b8c9c066b06d31d2306b543492d7fffe2c992f4fde3c820293f233a4879e17dd09ec578472 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e051a40c5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value, not preserved in this copy of the report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{354AB0D1-294E-11EF-B848-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422005" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2100 wrote to memory of 1752 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | qtxwglji.trackisek.space | udp |
| US | 38.6.66.69:443 | qtxwglji.trackisek.space | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab877A.tmp
C:\Users\Admin\AppData\Local\Temp\Tar8858.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:28
Reported
2024-06-13 06:31
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4340ae62b013dd767b9b0380dd6de3f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4168,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4128,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4396,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5344,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5860,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5984,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5968,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6620,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6580,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6064,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5572,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | qtxwglji.trackisek.space | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |