Analysis Overview
SHA256
36a4d8040a5bfe93cff910eb5c20cf565a8763cb1e56b4673e9ca3064b835941
Threat Level: No (potentially) malicious behavior was detected
The file a435c06247b9e91a626e02ebfd856264_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:30
Reported
2024-06-13 06:33
Platform
win7-20240611-en
Max time kernel
117s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c08c04505bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e772ca0c73da30ca390d6f826dff132695d77600fa8f084d192f964e9fa239f3000000000e8000000002000020000000ace688da15f52e38a25a57ec56a49c18a7883059d9e5ea462a867f404815fb8e20000000d9166a8ee6bc5eaa57b83f3fc3abf42df7a2addec3e9f6b5871e30e253a9966840000000c2f8430ac55a9f744e362a258ce7fffb2237b7065a81b4df29985910f77bff1cffc8b9ac6a4fbfc951fd6ca06a6838facd65afcecb81cfa43ed4065ffa718a2e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{783D4561-294E-11EF-BCC0-5E4DB530A215} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422114" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000003e9a6e6311210fd38883644184e310e5a02797283c95fc13c361b6223a464542000000000e800000000200002000000064e441cc9e6ca53421760b7a22005aa25d949a902a171cb5d814acd3a387524990000000e65693f7d95bb6b3bd77f5e19dd89a225e3a0cbe02b7f6b7587b2e09658f0a2db137f1f4d200a0ad5a2ee097b12501801ce636917296df1c6ff4d8374b9af1facfec57b719140ef7937ef02dfa7d551df048c9102f6f73120d78564ed857365a152b5cd53ff40293288751aeeabd432d1a49a4c25e469ce5527bcacac4693b33575c837406ae60dd2078f65aa61c26884000000088a2c1a25c46a4b0485f447c01f082f06d2f5e43eca82b1b25ae43b9f85938aaf59f51323ca98c98349647b6a4525e84afe291d986db8008f6eef6057761a650 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2952 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2952 wrote to memory of 2960 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a435c06247b9e91a626e02ebfd856264_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | authedmine.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.21.57.186:443 | coinhive.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| BE | 23.14.90.73:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 162.247.243.39:443 | js-agent.newrelic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2667.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar26FA.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b3d1e5a0aee6e8b9d91449f8faa0690 |
| SHA1 | 32ddb5824e5daf28e3d3cff040f42be3473bce87 |
| SHA256 | b8807bfd13d992082d431873e7b46d27705bbbda88c9a6c71daaedba463d9e71 |
| SHA512 | 61ffc3d74972b7b17e350eb5b40b49db0a2398c7c64e66aacd20a9a4e9bae08799c5a836f5a5ed20676f765f69ea4b0326214298955119c9de5a3557363bdf48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42780b66aa804ced66af2cbf2ecd9840 |
| SHA1 | 2913ea96240d457205834570ddf04fc9f1f9d5d8 |
| SHA256 | 6f6896fa665959105bc8568c80b78aed0610ef43f9a11d36b2edd77996de9ec9 |
| SHA512 | 723e6f0b1461fe84de0148f061fe191c26536d7e15bd28df75f3db0af582ae6265a411901eb651349f286cfafb9de9594a01d56ac83d413ea6f70f9a4e95721e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f21dfc3ca86b5b45907d20fad4b915 |
| SHA1 | c0e9d888024ec543d1aa2b0e56c1cb2aa20ba664 |
| SHA256 | bafb699735d0dbfdb64b07ece8094279bc59a6fa0bc7945a7cd0811bc1e72450 |
| SHA512 | 4de073ab1d5c5aa9a1c587ab4104f3c49db4e1262c8edc4b42987790ce5fb0c77a7eba297fb5b9240d5cdb1d181361c3bd5a485c1cfb027f79d854b2128f2f67 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | efc13e82af55b85b2d54022a138b3e27 |
| SHA1 | edbd72d484af129992459efbf39675df877c91db |
| SHA256 | 1a3abb1655cda82b032a901d91d580a94ef05ea0181d57fb6c896b4b4125c90d |
| SHA512 | cf4dcc4df80f0f8b6dba5c456bee5c2b8b9798cd99e34e684f4cec2fe2ee4a07c3a159602b237ff12b55fca51155cafddd1e0056048e5441181e57383814226e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | faac7cb2e89c7a9ac2409af86a997c0f |
| SHA1 | e062a962d4e0d1387f48bb33530797cf73ca88e6 |
| SHA256 | 789ec539686658a766f326db3b6487e158236faba8478b16f2840fe0f77bf141 |
| SHA512 | b13f562762e4f07da9313e072300a3212e9d32fe7ccd5f4a328e84442d42de51ec27fe422706a2e90c5e6c4a4d4b7068aa87b73df95700a9d3cb32d6dc26e696 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fd51924b4559f9497da28c3aa7d6192 |
| SHA1 | 3b464fd05881d98312eed9400a822fbad19a1ce7 |
| SHA256 | 9d05fe9f800c854de03f3dc30707541678fe754f3b1e4f67d98d49d3489b1580 |
| SHA512 | cc1504915771baf46c0ba84a35dc9adc0910ecde62c8ce2a28a585fee3a2761608f38f3cdaab237d04c796523de27149262b07d862cd8062b64ed3cd8a34a04f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3fcd0debb22d036e5d20fc515f590000 |
| SHA1 | 711c8f3c55565af27d388d4b6efefac576c72e10 |
| SHA256 | 60e1d868df0279750d8ef5607d98a935911dd4a554538aba26e6d1345ba45588 |
| SHA512 | 908980f5dfd3c15c0d31858d7a2cd1fb968454e3711b29ef028ed38b0dffbc57f62cc4d5d5fbc73fcda579533e86d5ff5b53368cd745a5299be0178a92f661d6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de2a127a03b068ebd2e79c81acdd311c |
| SHA1 | cb0046375fb6a0f14c6aee8b37286057e4fd957b |
| SHA256 | 3863ceb20f121bd2cad846bc919730aa7133f3cbdc5ad717edafbbfe416defa5 |
| SHA512 | 8f5ad58eec0d24436f6fab689d844e9e3d012f29abf161198a671f3b9a82c2be2448601c9b169c7628ca28369020dd27bdb3734665b7f910fbed9a3e532065b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | c5dfb849ca051355ee2dba1ac33eb028 |
| SHA1 | d69b561148f01c77c54578c10926df5b856976ad |
| SHA256 | cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b |
| SHA512 | 88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1
| MD5 | badfd930045fd908a95f80891bf67e5c |
| SHA1 | f2e3c0119946e71e8654e164e9bec916fa370b97 |
| SHA256 | 0436846d8389efce3dc36de639a0ec5a5a607f007c8eeed27a854120e8778a11 |
| SHA512 | 3208bbd7e0059eac884b95716257aea22b1fa00ef08eb4c8988b863db8646f71df2b78994cafc52b9a88f616c76d515ca3e6d14d498fa2bb017ac968433f02bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fdc15af0211db099e1d7d5b2d776a6a8 |
| SHA1 | cdc6707bd4c0e1683661c3ad9e64133c0fa8b986 |
| SHA256 | 81d6fb3acf152fece11e38887d4462d65e12ff99ee3a159684d16434262d7178 |
| SHA512 | 6c1e6f0a49f3c16bf4eaca41bc4f9a1bba6803e8f8c95effcf8210a9707e4c1623823a3c2f86a25cc99a65fcb5d22dc905a7bb23a07e02148aa53262c775ce8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8f3674d5994defbad1805454e8a636ef |
| SHA1 | 524826093dee4e57f3066ef0aea130c818b41d33 |
| SHA256 | 601feb27e4ab0aad990fdd194a4026c486c2cf75bdd889c7299c6ab9e53efc74 |
| SHA512 | f32990e38ee5a1ba8323cb55bc1d5294d9b380e2b332509a9d6472a669e8bafe5b4b0e30f651528a4b0de67946745317e533bc3f1c40597fbe85a0be58ad2f18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2db4b81fea2e78f5b5b7ff522820c6ce |
| SHA1 | 3bdd09290bebb982931ac2f07cb6e3a3a3fc06f8 |
| SHA256 | 7fd1963da6f8a5cbe02847530a80a50733dc6d0168f9a2ea54eccc671eb6b44f |
| SHA512 | 9b47c7fa863c6e807f149245c748906e3b6c92ee9c04fff5224983b3f27e460567723e8242aad26cd8da3eac818b03ab918c8a8d63416349191eca991bad0fb1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9b85494bc62eed18a9b9f4767d59e6c1 |
| SHA1 | 38aa7f13d65a5369dba361242962e181f9e16bcb |
| SHA256 | a8c744c75c491a4e571f53baf991a7f721fffb1433477b44ea3f31b3b79cad0a |
| SHA512 | 3f0cddd130ad80b3867810a26b024f27163a8d12f4f6fda5dda156eca27f07c7c77ad89c3e0db0dc395940f7b2bbf3cf6fc8a246f68956103f0e26118fe988dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95f97dc458fee68c8e962f969cfbe12d |
| SHA1 | 614d5c607ab575bd3a0030e206cf5a14432e3c4d |
| SHA256 | 5e3481de091053fc7dd9245ed98271377a2d4f8c36ebde9d24d12aa5deb7ce08 |
| SHA512 | 851a5537ebb5b7be8385529d66959f8b48e01592c21ba7c8a15f97dd9e5005b3ab6b405a88a5a162ff7e11d4211e556e6d00ecc062970344d64934bc3564dab6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 181c20f6184009d25bb24e3f122ebd29 |
| SHA1 | 87f889e910cc4d9a3e5e3f56bde2f6f810279638 |
| SHA256 | af17fd7a9f597accf4fc60b4d06a3c61e8930081b36de3072c7599e1d2d372a2 |
| SHA512 | 85dc6c00f7b631fdbf2cebb64eca307f876d0b0f588a82c5cc06a8dff717ad79f59c3076f0c317e2a03f71448ffac61c22569739cf719ed14e19aced19ce7dbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 039403f05fa7d894139db1505e4b144b |
| SHA1 | b2465baf2177dd513cf96f5d28826a5112cbfb5e |
| SHA256 | c276b38bab5aea7ffa45ab0db13765bf10ea2b409e45b51cd1a4585b6f1ba3e1 |
| SHA512 | 6464f49504949b740b4ca134ad11236fc8a0d568cc48e0f9209e95e1d401336e73d2a6eda62853faa91ebbabe57fbdc98004431d1f85b0d8376d3231de6b9826 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7acc344ab78757eb125e793435ff89dc |
| SHA1 | 99bac9460c25d89a0da0e64507b29faf39fc9a83 |
| SHA256 | 8758f175f487a04f7eaf880a6c2c8a9a8edfe8ba91de0949099d5ae327daf49c |
| SHA512 | a9a5e7e1dbdde64f22fab0aa9210a934ada05d7f26b88cef3eed7d7287f64c6991470bb942c1115a82059156a5f14f2230cd5c97f5bdcec97de80723590972cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cd28c74f197c08732cadb40137e4685 |
| SHA1 | a4d04bee5534fbc4e2043bdd36735bf31d79ecdf |
| SHA256 | 389ed3d9f27d980a17808d3fade08f6fb7316c975fff5d27f3a4fccea7b67c68 |
| SHA512 | 6721124cf1b6b1c19efe55d77fdfe17b0a7ceb7766c75497e30b701e4191da729be22fdb9820250bf904d48cba407f9459a6ca2f66b47a67468406ee21024c8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa662a971e13710534e092334678da49 |
| SHA1 | b786af40ea2f2d12423db78890177e92cdc27b0f |
| SHA256 | 9b482a63bd70b9229d5691e354b5c6b97850ebe3c07633a25acfdb3d1d8a3698 |
| SHA512 | d68b16e2b67b83a01c23536acf081189f940e320be960c488f9c48f98b209c88e71dd7df7f53cd6913b45c5055050993e02935b0c91370e7f9be6a3eea326b7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c306d3941df46a9657ead0967318fe2b |
| SHA1 | df2044710e5fe89f4ba7f14f07f68d22557e9dd5 |
| SHA256 | 9b7b5731aed9adecb9a2568d54f098d3b61dd7be3b92f8e6c8434f13a91cac22 |
| SHA512 | 3fdf37eaa936ecbdc489e856f8338ac41cfee67f58e0d5bdf9a06da2e468475e3d9cc372923799c34e60a7283165eec5298dc779e09c3996951b13728d799183 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c95f241e5c21bfa5c0a11e0303664a89 |
| SHA1 | 217fc6441bb8745d70bdf18f65d9d0ef3c7c7bb3 |
| SHA256 | 0380b14c023641080ef522a79850286e91b0ee9d30143be88048f0aef3e0ce7a |
| SHA512 | 460eb79f443605f01b5abf0c2e81693c16ec4d6b685f79bd4603624a08cf47b8135f69b4387cce2d92f5f928528cde5a6b3b6a08d8c3bb0069b3264c61fb5cbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef477160612a39ef902e995e75ee2666 |
| SHA1 | 9070d9604e3e5a8ea685179cd88412e025602810 |
| SHA256 | 5415f03c00f2da364fc76fc390ad0b1517b926f0d021a82bc62b3e64ae4b8838 |
| SHA512 | 0ed82a9a1d9a81608fec348d5f133512639385eb95a99404c2cbcdfe8ade80162e2f16d001ff998a92ffb97ec63bf6e24ca637be8f47ac629543c2817a74518b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1812bf3966f20b166e28beae3d9d340 |
| SHA1 | f50b80b45cd59ccd91d761f861e4e3afd9c3b9f7 |
| SHA256 | 19284fae80ac7288c0700768726aa5c953ca3ef62965809596a6bbeb5b373002 |
| SHA512 | 318f2df71ba27fa6ee1f593a301f5b4749c80bf803bf0f4e2af6126cf8f4ec262f8bf0b15e0a627b21ce46d4c3ab25be1fb8b891f3ab3c7dcf69a123dda4de9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10ad50f317224c5b7c6e12601b0b7fd0 |
| SHA1 | 018f75dd83e2d1199468c4ee6c1ff509adc9dad0 |
| SHA256 | 674eefbd3e069ed73c32eafcfa4c8b52e4f12bb998010c4f4ef918fd15c25d93 |
| SHA512 | cebb026e3d786a5e7c1365a3c21687bbc641523969fcbd942b6dec2ae6c96b79698d659f00121fd3ffb0e2bb43e4f05d274c7acea578088ec438b556311f07d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c259d07f6ed607b81f6e986dc7ccabd0 |
| SHA1 | b3009fe08e17d78e9c38e9382569f65e167fe862 |
| SHA256 | 8cfa1a546842fa0919936a4e289254884eb84aa0f552f043fa17b0ccf916cf81 |
| SHA512 | 5ac4d127136545b35a8860cda453f7cbc071f37c63b2805ddffb2b73e50004673a046c6684dd3b3bb401b28e1d2aa08d55d4a8f8f1700d5fe380a8638db55630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 55f26a97c5fe1f466d303f3d79e0e0a8 |
| SHA1 | e04b26888cc96a3dc9db0bdf9283b241aceaa0c4 |
| SHA256 | fc6f660e58835240cb38da59956486dbba9c98f1c9b3c83becfb00e804d3ffeb |
| SHA512 | 1b6ede923c9df1342bf2cfa6cba702538514d17cccf3bb88d8b8a6df160eb065053d9aeebb5f28b46979d6c7bbe615ebbe3ab7addd24a2b441d4adf92d1e95a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d24a10baede6ecb00649d4f39a4a12e |
| SHA1 | fe9dcc871ed321e1b141c8880486dc8ceb2d5115 |
| SHA256 | 5b130efe534794a0f46cfd539c818cdc90429f96b1423dac5545de7f6814d7ba |
| SHA512 | 704c9c1abffc6a91473da40542c641e9de20b67e84427c736dfa92e9a582fd70728c1ca90b867d91fe48ad79b77b7daf1bd9f373235e7e5c6a0a2ce36bca4559 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adad4e0465509285cbec748239b773b3 |
| SHA1 | ff0f6e88be6ca845439747ed9a7fc2314e3f92ee |
| SHA256 | e0e2ae37523d6a6bb013e5097c122488c178523f8cee7cd4800bc25c4c747572 |
| SHA512 | e7483a4afab27d9e72a62db250dccafebddc99300058bc7aaef7aa1ee6662dac6044699356a3b68c56f201daedcc1fd577e1786cf25a49150c1ad995f82c2df5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0e27cb444d1b6d45fc63debe2a8113b |
| SHA1 | 7ed6f0d9f4a780a5b86d3831499d3c710c103b13 |
| SHA256 | c2c0be640e5561f7c2389cafd94327621d890d2bf955d1a93dd5a6472c523b6b |
| SHA512 | 2df2510adad6e5c12f9bd45b03d580afb427c9ba13dcb7e55249266eef7a3f4e93dae43a6b75c3c090f1d62d70cf08baa4e0f0aee4d3b766f52ec2483f3c9763 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 589214b45a723e6888887408b19725d3 |
| SHA1 | 419f12f87f39d98f3021f5fa1fd63e590362f1e9 |
| SHA256 | 99b552bc19652dc08b7054e9cce914700b9b9558e3cd14b5390700f634b05095 |
| SHA512 | ff298cd14759334a10ae557bcc42e979648cef2df8b2663a63ab6996c842f26fa4a8866fc0edfb1e0b4425ce5c16f228a45d1d9dc4237ac396a1c3b0f9618a13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cec6fdbfeb592afe2baf06c5e1750026 |
| SHA1 | 4491956e94ba39e11eb08a9ff286b3c6c67be4d7 |
| SHA256 | 48d7f90258d56d29996476b77da631a7d223beced4fdbf9a9bcc8539334e0af4 |
| SHA512 | 95f3431daf4d931cc38f9da3e7270609674d0d8ebb6c5bfe8d91c22d613a3756d60080ff26fe72aade282cbf4b9cf03ae402681e04871ae6a97dc6aede35bc13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eca2f23adc8fac9f0cf38b720d2d9c82 |
| SHA1 | 631e94f156baf614c362e0ecbbd49a0393fe7b63 |
| SHA256 | ab9865ea42884b091ce7a5013e5c61966a35a5c1dbe5839debfacf9e959bf848 |
| SHA512 | 4cae99d9ae4bb797be8725ddce478ecccb66079dc9b40da2eaab7f34312cbf2fc46fd25420bc5c79bbb4f96f2bc833579d862224540918001ff55606415665ff |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:30
Reported
2024-06-13 06:33
Platform
win10v2004-20240508-en
Max time kernel
139s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a435c06247b9e91a626e02ebfd856264_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3640,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1300,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5268,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5304,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5272,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6336,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6320,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5752,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | js-agent.newrelic.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |