Analysis Overview
SHA256
b4576ac592405ae54fc8b758c6a7a0c0d246cca81cdf8ce2972fa8a84bf0a6a6
Threat Level: No (potentially) malicious behavior was detected
Verdict for file a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 06:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:38
Platform
win7-20240611-en
Max time kernel
134s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28A47361-294F-11EF-B3FC-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422411" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f021aafd5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b69a2428338b5207c6c0322feaa9ce45eab57d1182406c58e50ccfe340864cf7000000000e800000000200002000000096f6082dde973755901bb5aa0e8da8468a855411c25ad0b4daa070911eddfbad20000000a234a0e41a1ee61aa317f7f0d9ede9c812d889b6488c934547b9ea80e1209e534000000095645681a03321745b78eb4470c64a506f8d7775437bc6070c34546f94181318c7c8424a83dc7050b18528723ef18498ec3c510bd7310ef341b8773ab19f680c | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2072 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 06:35
Reported
2024-06-13 06:38
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3928 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4944 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5836 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5484 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4744 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
Network