Analysis Overview
SHA256
4ffd505f29f6ba871cf2c2a311d2fdafbb52e27902b89d5715ba507cb0ea2b14
Threat Level: No (potentially) malicious behavior was detected
The file a43a6f0f2960723360640929864c9e4c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:34
Reported
2024-06-13 06:37
Platform
win7-20240611-en
Max time kernel
119s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422348" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000938b8bd2d48bedfa83d18ff62fe447a03a85913d09b600b75674f2b8c42bc9c0000000000e8000000002000020000000cb7d4ac9c3fd7183c6a6e40577eb10d4989df7abab9ca753de35f3244517a8e2200000003c7b15aa57df383377cad254813a14bebbcd19e71e6dea76800c473a99a09e87400000007aaf2396d4fa1c7eb96750d9b8befb9673ce9d49589cf4acd8ea1d0896833d04bf31f37cc79e518643ead49bc9cf96600116ab29b93a69bf4051f9f4793459fd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02678A71-294F-11EF-B489-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e981d75bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2264 wrote to memory of 1372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2264 wrote to memory of 1372 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 103.224.212.241:80 | park.above.com | tcp |
| US | 103.224.212.241:80 | park.above.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8AF3.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8BA3.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cf68426478cc16453127cbe5a41aecb |
| SHA1 | a2e6ba314d07ccf5dc0bd64ce352a78db82d2d88 |
| SHA256 | ceee3d438541c2318de77ce3878160b206bb3df0a0e5a0f52cd8ddc840481d28 |
| SHA512 | e24439052d652cf366aa5bd2175f1575cc23eb29c7eb8ac3aef3c41d39d75c0abf844c281305a24bc1aec503c3b8c95fe3189b2bbad7646016f995817df92d87 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cf2865a138727580065422ff0bae3a0 |
| SHA1 | c519c8200adbd897e92ad589da2d7f42d7bdf064 |
| SHA256 | 5b976800b6e845e80167e0a0ccf1773039e597c67d45e4080827d876f4d58ec8 |
| SHA512 | 9d77d4f5e918af5b7e17ebb61319fcba98eeadaf7f2cbee55e30933546dfa286b5903bd4c7d3c1c3548fb16705b4d2929b8fa2b4ede820eea4b1bbda681c984c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44c24d28df73ce65947133c834237a20 |
| SHA1 | a724db7a1f5e3e921ab158bb86cfea3a02997604 |
| SHA256 | 5c348e08a7bb027495b1fdad6127038aab5e6df96b994bf8fcd014facd5f110d |
| SHA512 | e6c85ef2b741e9e1c0c03f5a40f5fe8875e39a83b4ca093f1bd2e2d3708392787352c5231da79425dccd140dfb56d1a097b80e2bd92f1dac2b6dfafe2a650966 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52f016ec4246d7a7a3f8e1c488c214a0 |
| SHA1 | 55c1a9e70503fe1edc253ffc6ccb1278ef22fc2d |
| SHA256 | e0606cd3b3599877bfcc0e3f228baed9af1904ca97b7fff31c5f5d196f7c31dd |
| SHA512 | 54ad92712ad8dbe61c091e733e8e24104827dd7b80d63c1b7f529dd6f517a5769d9c983ccfda0ac851cbd7e19dcc018e929add16a9b0f0affe69fe5c969936a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f46fd207fdccb9fefa553ab94b3cb349 |
| SHA1 | f5c9f2e2d3837d8d2c2831005969e52b6f94bfaf |
| SHA256 | 3f253972128ff0aa800da38472258aaf6816fae22f26c8c483add6fe95a2b622 |
| SHA512 | fea7dc88b034ffb1ef62d241097faf703fdeae84e3e4ca2b01d8be7e20567a4eefcef1671a0033d9939eb1ec883ed43ddeb2ee115ffb7035591638313ca444f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1938719d512536c4f27c767bfe5b559e |
| SHA1 | ad78d049c70c3ae1147438491c01b60003d8cc20 |
| SHA256 | dacf60af37adbe21ffc64f65773f9a9efdbe179b51090212cba54f079e129e2a |
| SHA512 | 5316cd86244ca7ce7b15f0fda5e70c31283945e26e62d40082accac06e57490d18cfc91c4a5a3fed90d54d02818940cec4a8fc1e38057403ba1445f019a58825 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39b392a9ff0ec073a5b1ee9d1628f7f5 |
| SHA1 | 91400cfda3ea72d67a24e2d750246547ca84f2c2 |
| SHA256 | 07bbfd7dea7515f1dc9aae5fb250a566774aa5ea20b113bcbe793bf73e3ff17b |
| SHA512 | 5bec36084a8a63f5224ce0cf1c918c1805177b7ed5f1672cb32a0b79a75061b7f7f855ca083d8dae652f7377a0369a6b6e524ee04bd4eadde670f12032e14080 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d015f9edfa339fb5181f960e103b4485 |
| SHA1 | 0dc3cd4007e86c8e2a05a78c51ac9ddb42a8fb09 |
| SHA256 | 104ce352b26024825931fd0e50b3274940f09062f3e2cd4219370c74eb4bfc55 |
| SHA512 | d4b0d15a712194f655eb07d2b5b63d65a429de9b2985d7295673b7257391ad90afb28b45b02027ed14a23681321e81943ee36105f958b340e4fa46fde430d2bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e50afc0de804f18c6289a244e60a1fc9 |
| SHA1 | 397f1f6a741d95a1a1c839f97b549e0df74dac16 |
| SHA256 | 1328a69df705f549fbc0a052a85cc8b0b691d12d821df62a02d1055838f7d77f |
| SHA512 | 971c685baac6d72d35a38a001e55b10e71517750ce2497f885316c9b5938badb00c10ac2d6947b73c91524a34f8a428840b34c6d76ab701ce4661b8fe4a1de81 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90e1cb56e1dee6f557f32557a9c87d12 |
| SHA1 | a8c2a7fdab2e56f6d8785922f4b11babec94874b |
| SHA256 | da1d6fbbd783d22b42609e457ee440bad615d383f6ac8b3eb6aa4051492fe072 |
| SHA512 | df41df42b3279465730106ced1b4904f0a8c1fe39b9fb7961f8ea6a82bbf414b117cf17dd127f8c11e555d7d9ee27506474c708b033afbb85372fedbc6f61794 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fde9196fc9fab3e4856c0ff95bc1241b |
| SHA1 | 66c114bf4c3465769d31237f03da3b904c36e28e |
| SHA256 | 41fd82095966572cc91cedb18ce726de89296712fabb94e8ce74785a2f53b850 |
| SHA512 | 38837c1fb3f81b883440ee29162e3c5f3f301b6ce6ccf0c878861193cc6c4c1b1a12470d15c26903a1eb0129c58988749cc1d508d80800ca569d1d88c2e1672d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c82e8b897be34f4a649be63ca93b4477 |
| SHA1 | cef38efc12e5773917ba287c23aa40eb78049d6a |
| SHA256 | 78798487d5c7e86ff398d55048855dae43a75fa93031363c7c45008348ddd5ad |
| SHA512 | 05cbbadbb687e4e83661d430025e83fec8745a1052929efd87d312214de40ee8888945efe0d242dbf7d472c849acc70ca724518e768800dff60b0f7b003f6bda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de1a8b35e3a051bb1ce293dbad18847e |
| SHA1 | e2be5309bbcd99bf0d5278f6afcc702f4518332a |
| SHA256 | 3e65805ec327d9f44a1f3f564fae3b8396b0466fb28308fdfd806c65e38ec7a3 |
| SHA512 | d1b8da81bbc2c81fa1661ce4bb17ade5920e7d9ef7b097c6f0d2110d2958b33460fa3d07314741c8dee2db59682e3544a67ab38ecdbda60ec0b7b2520e485841 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e620c406bdc60996925a6be35e1eec8e |
| SHA1 | aa2d7b01aef47022a4c001c355e3996222898962 |
| SHA256 | ff12900c772cee69af02a87a774785b3bf87a8f847c79c6f67ddce8717972228 |
| SHA512 | 43eae07a355476d99f6e26e3dca15c62f35ad26e10bf4ed447b74c5bc969f4d615259a0614013d1e2502279d7d6680a9737964a3144c616cb63196a2ecaf4958 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e3ef57c35f89b1bd92aae716bfc1662 |
| SHA1 | b2844514416f36c6b07c2a1e226d77cad9654b9d |
| SHA256 | 18e998810dbe19499ab7e7695b9841ef5ed231c9abe5e8e8727be0873e80e986 |
| SHA512 | 904d5fb478d2473f80e02c5b85b27c5c79a18007d677a9963a0a58f2566b0f71e6f0b56555520d7c1cc398936a6d2bed110e541fdef9c2bd8c4bf7b9e08aaf18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1346f5fd174a219e338ae8791953a16c |
| SHA1 | e2575412dbd57fc1a0cc28a64dd183660a2c5c35 |
| SHA256 | bb22cb2e23de251ab2ed9ee802cec034a54e06295778df2c3cf5b6ff79b2829b |
| SHA512 | fd13d32d278247246184fb252f1631f41f27c833aed3eaf9967c25e6ffad0bf5c8a4ce0cf18fe0f1a85a8e633f7c5b9669cf49d0c01a14692329ce299e07661e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be1d605117990a55827051b976f2e953 |
| SHA1 | 899a07449eb204a0eaf9f1f369fc0a0e82e6fcd3 |
| SHA256 | 7d3340fed08be4fceb8aa16f34295f4a66b018ad8c7d6ecc8855bb3df4ab9f98 |
| SHA512 | 6d4f5514015e5a08286b1d4cd9bf866098187f15ad5be2eefd41f839d5700e871b2ab9e0e97866d2add1e2d7e2943a025e3876d98a2b7b8364e234ab9e26ba18 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:34
Reported
2024-06-13 06:37
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4204,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4312,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=1872,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5456,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5464,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5864,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5280,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5316,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5308,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5096,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=4268,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5336,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:1
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | park.above.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |
| US | 8.8.8.8:53 | | udp |