Analysis Overview
SHA256
6198b06984f219312c6d2f99b689a0b5a0fce53d4bc02a2f9cc6b8157c8a32b4
Threat Level: No (potentially) malicious behavior was detected
The file a48df23d250995ca5ab30d51894c8ea9_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:07
Reported
2024-06-13 08:10
Platform
win7-20240220-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{04ADBE01-295C-11EF-B54F-5EB6CE0B107A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903b53d968bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c08c83955b83404b810e3aab534103ac000000000200000000001066000000010000200000008e3db378bd3d932940a9f487b54d6b8e1d97d59f5126dff0ce9c69b792dbe493000000000e800000000200002000000069ea25817a0c05470c6dbb90d80a94f6cbf8e97401b55f32d3eeecb23a8f650f2000000078bf8fb00fd2d7671d36886973649ed1fc49494eb990fb9b286477ed47b17ad840000000a978616461bb3df7ffb02ac1f2cc5eca01bcf31fbd2705f37569b733ba669a8da406478592fc02e6594715969cbe8ac01a22688e90c7db129f30b0e5199c9623 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c08c83955b83404b810e3aab534103ac000000000200000000001066000000010000200000007a44fe0caa3b2b008fcdb7711256aada562c8fe3dfb7b42c35be905893bc7a06000000000e8000000002000020000000b04179fdbf43b6f329083110c085311f7a02a6ab05ab2f4d8d0ed2b78dd52550900000004ce3cda188606cab4b5c8d7527e690d1df2b0cf6eab9583135e1c7e383f9123284874a7e9db80fd3e8a468ca5d902322a1a3c2857a93b5c793305352bcaa0676b89d9e4b6a444bbfb388f029f5c69d31eee3e3fe6eb5e4969341776e6c00acedb06271b2c3eab874ab1f4b710a992d432b4e81895c3395791bc0bfd4ae8762cc828d64892d5eaebc996a92657bf31fff40000000a81ee9829816dd4ad265fd61a93c4fe70d71874c3d58c1a9dac00cac9b4e815c8f4f0f9c22ce6d66b7f66a5632c35be127e02b5e03038c9c336abb4f6694102f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427934" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3064 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3064 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3064 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3064 wrote to memory of 3044 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48df23d250995ca5ab30d51894c8ea9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:07
Reported
2024-06-13 08:10
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
153s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48df23d250995ca5ab30d51894c8ea9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1332 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1712 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5456 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4104 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5800 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Network