Analysis Overview
SHA256
a868d8b7a0a83a8fec65fe4d72d931ff69d1145de28879b275ed59597e249539
Threat Level: No (potentially) malicious behavior was detected
The file a437b8d26e551dd271fe76dd8dafcf99_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:31
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win7-20240221-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422166" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{96A52D11-294E-11EF-A34E-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70fed3595bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006f53c5787f0c894c8d77476ee659699800000000020000000000106600000001000020000000b832efbdade3053e131221774ed5bd9223f4e8c4be541d243b830c7bb2bb9bde000000000e80000000020000200000000be7bad1c22a94957a06d27b0a919250989221193b7c2bcf0e97b15ae66e3d3320000000cb12872e4df1ab12dd684bcdf06188669eefc31ed60b97a71f081acb6f78af7d40000000f21b2fdbd3cb7b34a2da1a278ee2625a5ad65cee1a5e02a3a76c93d0f5cd95de500ed83cfeb56f1186c7a9c2a38708d75d9f7d27e08de54882357cdd525db949 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2612 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a437b8d26e551dd271fe76dd8dafcf99_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab43B7.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab4484.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar44A8.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b9e8e60d6f916d12437975a2e28d39c2 |
| SHA1 | 6f0c82744bca5c342633657d1fa5cfef303a3ee4 |
| SHA256 | 74587ca9f3e8d5746d328db29f1a0dbdeb66c4bc0e369ec7175b2b4787fc307b |
| SHA512 | c08a00696b96a0b9229622f1cfc6b6a4bbfd86d123b63fcbde2580e4f123a1d6ac0e8164dbc041ca0fb2fc61ce0a4c9f69dc77c80e23fc06a6d9f6d43c0955ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed559749c0d82a4599f86a2826fdf9ef |
| SHA1 | d7441f5fb9e4ceba93a01ab4d830b358774eddac |
| SHA256 | de06332b18a5135668d32be1089b824140f9bf0e49a005b2cbe30871765b9598 |
| SHA512 | a147869fe62b88b574a863427689eddfcbe6aba690f90f8666e8853002923bdb3450456da68195cd569c93b5aaae675de0c7e9ede4aaf7a38b1d3a68023e7729 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8facbfe711c362ea74e6f68e8dd4836 |
| SHA1 | 15f0843ca88611fcf9d09cd07c4be3cfa0229f28 |
| SHA256 | 52b3907b4d605ef9fb0e63d374684ce06dceb17c3e2d217a17f62dee89a8f05c |
| SHA512 | 82dded968c2a5b1d1a6a276701e763fd37074fa72c8b404225af2ab1df319d381c74241e19489e90eb357a46b847c2ed2b6343359afc2eb639707ed19aad41cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8b509a6d28b7b8e484f997a92e42e1a |
| SHA1 | 8080cae7d2972a3c401444ebdf0e77983464d16f |
| SHA256 | a03a4595133fd65d00031ec1c3e23f5aa76b969d2967affa6fd67d990b7798fe |
| SHA512 | ac0cf9906b2e7eb48bbfad17c42c711738d5e9d83db7c2afa322cd7022f0eb9aaafb2d16dccd66e045ca68f59328ff0ac1ab3d2eb3826dea6f0f9a4ed6b93584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 461dbdfe80e7759311b95bea391361d1 |
| SHA1 | 10f783b3c49d7b0ab1901bd93935cbabc4f79240 |
| SHA256 | 4bbea06b881a8e158f9c63ea3449ade7b988ea0283a1f9860c93936be7ea368e |
| SHA512 | 9155a2c17b74bf836a8a7fc1d77d098148c0145d1822b70e723827e8a59abbc22e5899fb49f01cb06c9ff9998861ee5af29be8bc2c7eadbe421682afbe15566a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8977584600334942c48b1b5a07ddf93 |
| SHA1 | 67fa8cefb9675a2a39ba6d36c0927df918682505 |
| SHA256 | 2161b6049230d14ef2bd7bac23869b099fffddf4d5d54c65ea8d97d3920bf5c5 |
| SHA512 | c012bf774dc4797a67fe4ce9ab730ff79453af1d7e7d003109118bf0e127ce0e9d7792d71078159c997202aaf7462f2f1a49e03d817bcdf71697b0ad886aefb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa2162f9a2b37f25e90e45950451179d |
| SHA1 | 6bbd07dfcb5beb2d859e6fce12089b36b6b2ce4c |
| SHA256 | bd05ed3d286ad3985cc48830559c50eedc1b3a4f3f1a4cb37db255b06dea3bd3 |
| SHA512 | 8fb87fc3e437435cfb52fcb272f40e9201d0806a034b7a718f1cadfc43afca08d3ded25a403a0436fd9303c34990626fd43c1ca0f21e92854b5649e44e6c8318 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2037d15926fd531eca7ea862da28a918 |
| SHA1 | e7aaf69a21671aae331739565074702dee9d9eca |
| SHA256 | 5f1177178b353fbe034b839c6363457a4ca8c5e6d090058dae7d469891cfffab |
| SHA512 | 1ab52120bc94a7af5d9dbd95d2708d2f2dbd2ed88cda725ab8b6c13c758b25179c45dab284934ac3194d5f64d2541f91288fde35810462fdcf8c921d5d4fcfc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d22aa60fa1e5afe67c009cd2b31c9944 |
| SHA1 | 3b36b58925612e4ca7fa0f652dca00058ab667aa |
| SHA256 | 734ed6dbb55e3b78b5cc8d6ca441d6138481c7e4a11967e01a6b306b10e780cd |
| SHA512 | 249dcac22f48094e761b49d2cf4e872c136ebce18295338ee2d55241c2f736b7a3807b30c976a045ca808075d9bfe1ebd6a5c1416b1846c9ad39b72d55fd3d19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca070cf6630667351c900297d9b6d1dc |
| SHA1 | 3f95e81af82d2ba44f9b48af0054cf462e7f2dc7 |
| SHA256 | d5e9820f21d183f4ad5d2671af258b04aaa42b026af2a1c2350dbd8faaccce53 |
| SHA512 | 5e160b3cd2ccb868a85f4b3f472387da0d560c039c8a38c920713aa12536fd84a58aba19084b7dde270f50042308bf136254f885fde003a3169254e74cc5853f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c51b7575f557d6bd0687e12b964c27a |
| SHA1 | f6a81889e1002224cd03f04f91671e2f7b6043e9 |
| SHA256 | c20698e0565626e3a1edac3c53f07bfbbcee25b8add3ccc6bd3b919155a7d631 |
| SHA512 | 018dcc026accb076c3171cd101a1e02a7091d08a37edfe4014eea58fab21344f357e6d903f7e2c41626c6fb1578cb19132479518d3828cadacc604338195e3c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7969519a829a9349d771aa68492d1c1 |
| SHA1 | b48f6f6eadebfc72c5433df0e05cfa2c963913e4 |
| SHA256 | 69dafa39ef8dee3a54883d0a7a81384197c43c931cf6f143fb033812e78f7473 |
| SHA512 | c2f2aa588be29e3c676d056a424cda0ebe3070bac38707bde37bcded35c680687c69b98d7328795360afa925c5832a2f6ad4e81b7a4f6fca5cc3da6c7f3fa701 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f0686e60b211214017aaec97ac028a9 |
| SHA1 | 3409cf0de9dde1171407696458366d3ac808d48e |
| SHA256 | 61b64facabb05ff931655074d7b142be6a913ef1c1b6bdcbd4569a603cd33154 |
| SHA512 | ccd83b5b228b7655429adf24c59a01b837de1a637e86f9fa385d8509500c58b365135f45c13c2083c499ca7b6863c38d328e2a7aad3908c2bfb139c4ba25d9b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bdf23d1f1414d38ab02657e0a7f9af9 |
| SHA1 | b907c0400cd736dec5512a03ca7627a8e193a7fa |
| SHA256 | 5dc68bb56d05536a373830a6284b07aef73e68042dda789b65d2d02f97e82ae9 |
| SHA512 | 4d5574b7687c0a99c3aa2b8c718a73d14915018626a20e75781f47b26b6a96af490be959e13a345ff6cd7516892e7449ccdb543d14b43465a40db898d0bc2ec8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03790da05ee4681cc24150b3971da807 |
| SHA1 | 4ef58f8c7c5ee5f3495e3febb4ec5ad746254b70 |
| SHA256 | 03a1fd2971fd06ea2040dcbdd2a73fe5661b9c8de659a4acbe2f4efb78b16cc3 |
| SHA512 | 6fd20efbba64a7914f8ca9fa3d0e29ed2ce6c3989ff52ee206cdb0db5f22d662f24b7f5694a12210c5cdb342e0b71a5bc9b0d81a3a3a65a1de67cf8f051b2bb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 730c6ec002bb9bc0993308ebbd6d8373 |
| SHA1 | 9898bdf5fb60a80fbf9adf6f52c1b769055a433d |
| SHA256 | 5f6c587d63b9d097e4ca697319fb95c18f68181091ec5e0abcc88dd61717b2f5 |
| SHA512 | b3ab8fc7751919e8675601d453cf86607f51690c6702ddfbb200c6c358bacb574fb33613cce65a0df801f2e24793590d4b47a901e04e80733775e4876c9d9b8a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c328ec0b8b9d772dfb765487f08a4663 |
| SHA1 | d96daaa9a112a4769b7f75b5ca92672a2d965cf2 |
| SHA256 | f39a0eee33b89de2d96a72fb6c4c8fd1207c761d8abc87d178a2c39d29d68cd8 |
| SHA512 | 79a59eb699ca84f8700ee8066882418f83fc5c47b38be9043883d50aaf52713d8b85f350855c4065f665a76b18e1e0387f9eec29bbb7af450e620e8f9d89ec34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2717b77131eb42a1330c7e7de92066fb |
| SHA1 | aeb218e2346773d92ae253b7b503a461059f789b |
| SHA256 | 423b42f92ff6c628156cc7e58acb1ae1b4b56f584f23bbe26538769de1895f1e |
| SHA512 | 8510fbf604555a30761320bb55580a793eca373bcaddb892bbcc292b12d365e11b6b9114b0bb901753cb5c986ca719e9b58dde99fefad9efe15765c0c6caf008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40ab42a9d33ef90ebf9c0c55345fc66f |
| SHA1 | 8e9be4690f77227c494eec69bd859a8d4b2186db |
| SHA256 | a6dba959d8750ac94438be850f7d9c36a09420419ace08626177cc8c7767d1e0 |
| SHA512 | a0b19342601525db61f95a0d292a0f1155194a20df0a4c9128de343aa07e8503d51241c8dc6ef3b9f216c3b300c8ddc45af65cb5800ba15e3ad9db52e7c48e08 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:31
Reported
2024-06-13 06:34
Platform
win10v2004-20240611-en
Max time kernel
132s
Max time network
142s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a437b8d26e551dd271fe76dd8dafcf99_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=2824,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4192,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4212,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5544,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5564,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6024,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6048,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5980,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5412,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5432,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6384,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6444,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=4836,i,11049150160560877369,2866371920339304689,262144 --variations-seed-version --mojo-platform-channel-handle=2892 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| NL | 2.18.121.10:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.146:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 146.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| NL | 23.62.61.146:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| NL | 23.62.61.169:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 169.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| US | 8.8.8.8:53 | diet-4weight.com | udp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |