Analysis Overview
SHA256
468030533f3d2702aa346bf6acda7b4f9259a460697a4126c68f45331dc3bcab
Threat Level: No (potentially) malicious behavior was detected
The file a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:34
Reported
2024-06-13 06:37
Platform
win7-20240611-en
Max time kernel
150s
Max time network
155s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBEFEE81-294E-11EF-A3C1-4A2B752F9250} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422337" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2104 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2104 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2104 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2104 wrote to memory of 2976 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
Network
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Cab7781.tmp
C:\Users\Admin\AppData\Local\Temp\Tar7793.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:34
Reported
2024-06-13 06:37
Platform
win10v2004-20240226-en
Max time kernel
144s
Max time network
153s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a65843dbee3eb37ec4bd3ac7d38c3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5000 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4704 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5728 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5352 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5928 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5840 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
Network