Analysis Overview
SHA256
99fcc34aaf0bb17c26f1f4458c43e11d119007d58338e7d1e6e8abfb38cbdfe8
Threat Level: No (potentially) malicious behavior was detected
For the file a436cc3df24e3d71c81689a876726b82_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:33
Platform
win7-20240611-en
Max time kernel
143s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30748ba35bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422147" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8BE63311-294E-11EF-9EC9-FEBBC6272832} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000dda68e43d2d49c31e520e58f322703b846636b441cd2a07bd6648076f3a3d976000000000e8000000002000020000000dff67f7f30519112dace61462671a82578bd1f806a0974a2e50ca261720ce21b20000000d9819426392bc1f5c1844d723b79f12ee831c52b8cc16f7da7c7eaf73e6f2aa84000000088d78c89aa093c4771f80a78c2951454e849b82d33f217395236837b5f8bca2536612af4ed29c758795dffde470cb3c3893eb19a69c0bbf04c580a75717649e7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000b937d25284ef300dbe65f2ce548a8a4198708db466302c22a504bf6760eb5627000000000e8000000002000020000000346ab165c277620ab06bfe2d068b9198876a6be848df25b0ba7e65db731e133c900000003ceebc2a9c6b8a9bc6239c9b722a8373d4184246e09a89cc7e7dc828675cff0e761d5a0fbd82ea22ee6cef8f10294cc2e98b40ea95065027cf1f6548b45ce40357abc3aa005056f354b914faa6e93bf6f6d600026b4bfe688eae16464bc44fbb8711932269a5bfe88cddea44a653e8643852fb37eb810095626567e468bfb01b91de149debfe4c9de985848ce5777f94400000002ca4781073b5a5322845b64e347a5444c3065e0fd2248b925adade375ca2749b905062d6868752e8c7e5d0fb6fb5b402a94a6eaf689098be37924d399b78fc5b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2480 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2480 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2480 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2480 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a436cc3df24e3d71c81689a876726b82_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2480 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:33
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a436cc3df24e3d71c81689a876726b82_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3548,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5460,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5956,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5520,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
Network