Analysis Overview
SHA256
132b369b077bd8b5fa156cd90a4ddcc1415fcaac155f2ffa561349453ace6414
Threat Level: No (potentially) malicious behavior was detected
The file a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:35
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:35
Reported
2024-06-13 07:38
Platform
win7-20240611-en
Max time kernel
117s
Max time network
132s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002860d5f370f0777f910d95506b92708064f6054812b066725535f15ec4e1008e000000000e8000000002000020000000dac459c4e3e767f7330aed70b9e272cb189a74d0ac543a7f107bef405ec5d249200000008cdf90587b402c9d30a9b86583d1c8236af555aeee0c5a2dc4bd27da844a79be40000000421d4cc071b848dddb5d8fa516bb5a81dae4d0d7e1e7744ba531d5494882d17e5efde1a1beb6cb87c3cc1cd7bb9cf0247597b39d08c1ebd14c67235d6b46c1cd | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603a945f64bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89C5E4A1-2957-11EF-A155-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426011" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2040 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2040 wrote to memory of 2932 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab86FC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar879D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22c6cd56a39405f70dd96abf65c05124 |
| SHA1 | 33f82c9a9a682a5bba48b9e8e993142034dae494 |
| SHA256 | 67dec44bf203cf769cc11c92d69ac3afc82992188a006fb8bf91b36a0a99fba0 |
| SHA512 | 9b5956af694deb5ac73947c3c128add4fede97f3faed41ddd4673fd0650352a58bdb3a1651e694f489ae6ab63c266f8e9a997b37e4f89434a03d23b18e1bd359 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84a229277afbca463f67b784181ffbcb |
| SHA1 | b1761bf1d0d517108a90b37fa16480d9ef070eb8 |
| SHA256 | 57a0f20806fc16a2a837beb79a5f1a17b00222d66c8d2f530ca5c7b88e287b7b |
| SHA512 | 48c3130d9dc6c8c13cd47a2a533a895f670a7c00776e173d811d00534d8fc8b91ed82565acdef1d372a258f30b25c038723ab0eddbbc55794951aa75006bb469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 390af9d10e75cea4032ed01a2baf89fd |
| SHA1 | 0e9b2fd5f5bb486ba6341597305f621813b5a6b1 |
| SHA256 | 171b322de026eb2cb895dcf032a9cca287e4dcd7c14256f40f27f9a9ad8ce076 |
| SHA512 | 074b49d1be06b6f783fa049a6ab60a15035262bd348b8fd3441b622950c4684798d3e987cfdbfcbfb8182b9566571a1a943f9b77cdec1cf2ff2e216b2b43e35e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c12773a207fad72e00296bba2b0e6724 |
| SHA1 | 30ad90bedb91c428c23cd2781664c84782448583 |
| SHA256 | d03b3e5d78ad30e9fa134546be0ddad5b95c2cdbc8557af387a1e0ef579750c0 |
| SHA512 | 365df66139a6159f917387c8105debb3460e984729e69e28d80ac6bcdb28eb18e35eb1d41390c54c1e29d86335cae2f228b8ac9a06749dd621486be75091521c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 420905f9677cbf75a45e327743bfb9e0 |
| SHA1 | a06ab2086d512ec70e63f260016a0f30aa6198b9 |
| SHA256 | e6cadc60a0a223015d1bd44d737e6c610cceb074cd02d5300a4460ba6bce6047 |
| SHA512 | 5e2c744b6ff89fb8603ad8f2112af342a52acb852675b5bb713f163949984a0116203b9a5208dbe191d34b784a8d1f60563ab8a5f615d89163035e93e01ee140 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49539153d699bcdd444b8882811c9571 |
| SHA1 | 0fb179e31d79b01d14769d696fedc46c0661b5e6 |
| SHA256 | 00b466ef01ddf8ebfb60d7bf6d1fb93546451ed82136efeeb948af24ecab175d |
| SHA512 | 4fac442525b7253ed634b2a7df0592d6db05a8bda57695d5dbfec0896985caddd55f54bdb421bf3f9b3a739fcc5c763f518c31fcd4980859c5e99a91977cb517 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0405ef8ff0a6bdc7042855da2a1e9f1 |
| SHA1 | b85c21cbd9c0e27315e9e6f08ecda5f36a484ebd |
| SHA256 | 76051b30e7152d67036f064c7607acb29d43e3dd661c36cb8b7bf75c9d1df07c |
| SHA512 | 3b36330966daa725bc211b01dbcde7567c51bfe3ab2c28aee3c9f1e4c67517577d87f113d50c25c8e4bf87054e30544de6b4e4629ef29ed349c2147bd46aaf51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1735ac72e17570a8ccd7498990c01f71 |
| SHA1 | db6350c617e71670dfdb0ce53eb98cc6e0e9d255 |
| SHA256 | 589d8294ae197377de1ec14b57a8cab8b49296e4d024264c0b8bb6ff5b62bbbc |
| SHA512 | 53456e74b5185dc2104821a01f9fd8507b40e39ed1b26093d7a62a241a98ab91d0ac31ed012b57b82db5bba79a52df2de9857012055216154ce8d98933182a7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4944e37ca30284387abcc5629243841 |
| SHA1 | a2e17c0c8d6a5a3a4643805adf3b17cfa8c96a9a |
| SHA256 | 71d8d1fd9f3ce6660c4e69a4b7fa053c44f835e4572bcd15cb0d0c1b4326b593 |
| SHA512 | b9efdbaf40d525e1a5b80585aea908c1e582662fe1c6d1d7ee668b5d207d47f8af0d6b826f3323539e87b4f84bae8b28397adc13709852177cba7164a285bc66 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 765130a58a1b63d93631dcd470c318e0 |
| SHA1 | 918d7861accdb144e9b1fcfa3f3f193cde42cb90 |
| SHA256 | 8395d97662453bd409ec4d2ee6789e4af0869c5fd221efd51c0d3bc7bb6e00d7 |
| SHA512 | 39f86dfb136bdcf9887a6e4f0d6adcdd89f89bcec54f5fc71defb184d45e54ebbb6ca0001aaaacf078a3116029c94a58983a2be884d6f32678c06d3f53eb0dae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bfa9ee0fbe724cfc5c19214a5b6f4b38 |
| SHA1 | 2af0d60213194cada71aa68a4d94659aaaebcb39 |
| SHA256 | 6aef7250efe312beea8e99451ef617cfad5158a76eafeb54d50d9d6edeb77dd3 |
| SHA512 | 7381ef068145c24828979d911d03644e10db990f1fec8337469d1cc78c00f878a6dac507b9a802b7c886fbeb63f66226dd97f30e495b3dcd203a9f8f375a80a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4148fb3e2d90da9cf5e76c75303eae5f |
| SHA1 | 92f45389496ffee6f6ba123c551526f31fcc774c |
| SHA256 | de0b8bd80107b1bf5934da8955572fb8ed73fb935b1e4ec29c8baa205e30d6e5 |
| SHA512 | 39a7bec1219395c6807c890fec008c7b4417d6b3c4048903af6a79b74cb64135b88032fc8b8ff0f6dd4d84a6f454f78c1a15863ccfa6fd6ad3bdaa9b23b93aba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcb2f8779e571904567eeca921a2671f |
| SHA1 | 4e5d80c6eb31a84edc08d23888080807c50e0d90 |
| SHA256 | 2d7c1b71c25223e797ce3ea9f03909f8aa72681a6c65dbe7b9073b6e23e55f29 |
| SHA512 | 4931d0c6f6c390f4d30309929021c7d3c1808a684620b0ea02e81274b75c2a901bf141bacceffab11c15af2b2b56af040ca09566534584d5b07ec2430c7c6dc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58220ed5b7ae3bd825959f80170b84a3 |
| SHA1 | 003de1f490493d84a7b52e78e9db2460383f1bf5 |
| SHA256 | 1eb7e1b7e003a898b006aa920441608a7a26b6425fe7e1372cc0bf74d4b96ca2 |
| SHA512 | 14e32f09967b9b4f4b12479e821ff3c656c950e577e85886dc9e21edefb5321a2033cdb4462dcf683a23e4000e67310950f0dcaf781adab6a318403d60791bf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e468f747b584cc6f05a55c20fd4f3154 |
| SHA1 | b75620ca56a2c7f2a808a84366b29d6cdbaf37d3 |
| SHA256 | 9fe608fcaf21684007f2c156ef545c11963017402f65e3bef9482ec9c3686c8b |
| SHA512 | 72600db3f852179da008bb31408d3e98ee32332f28749aeee3611b7ac28f1beec3b9cc442a2973d1097a6848681926248f87eb46d1b9c369b54f3c09a0822507 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a72db4c2e4e7f86dee0486c680a72c5 |
| SHA1 | 30ceda894ab5fec68f5c23539b0d8ef7db46b0e6 |
| SHA256 | 5be5ef08c822c3239c48838aa29c864f38a82cd60453e49803eca01a7d1b8fe0 |
| SHA512 | 2afeb3329e18518da416d74c287195360e7b599009351a5658d91fa6d84ecd89ac74e66df5dee24207c5e961c215e7050b7da297cfb159eab72e84f7e25b2df1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a15bf529b647da0fe7e0469b6561cb69 |
| SHA1 | c438d405608dcd01846e48853b95dc0d080a2bf2 |
| SHA256 | 143cbc1d8de29624a18f28a4eef682280eae3494a7a6e6642746092ad0b8fb64 |
| SHA512 | 55fa8133b257d6887117c87ca05cfc6c29bfc0e2b662d0f43de27386ff6674ccc5dfa71a0962ae6bab870fa64ec95597fdfdcaaeaed456750d67e22f14a24033 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ef206df92e6a443490e16add789fdd9 |
| SHA1 | 720c35d02dd28203e56b4f2482e92583ee7a880f |
| SHA256 | a03a23b498d67e3c3fe31159cefc70de83ff1eaea34f28c2e2e80c2f57cc25a1 |
| SHA512 | 3a77f4526972479960d9e641a3bc1492eb0a00c580b8950b579def2aaab3b761e9afc9140580b5e54800fc8fb3bee22c8fa9d9c5f8bc4661e9fbe4364a37921a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3157d69207250f65b521368c2c0e5598 |
| SHA1 | c6ccaae129b99cab164e9753a8ed85f6d45e6cae |
| SHA256 | fdeff15e33b3825552e2ddb3273943f22553f4a79c5ba476780850527d1117d7 |
| SHA512 | c4fd7a0294e01b1c5a565ea83c84c13d83161beedb951d5aeb8dfda97ac257ebb58622004eddac02df5ca7f17b7f504bc28fecdec8fb22384252c2b0828d02a1 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:35
Reported
2024-06-13 07:38
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5428 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5388 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5612 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=2104 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5608 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp |