Analysis Overview
SHA256
337dead7dca38e47232c9002a09f37d4426930b81ab5801924d54d27205dfd31
Threat Level: No (potentially) malicious behavior was detected
The file a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:39
Platform
win7-20240611-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000005accc5ec9b4ee374efca6e9d9569557c5bcfd204be588fa2eccc5211130d2580000000000e8000000002000020000000cdb979f8a3bfb496c1eab5afdb97c5957536c88aba5d6c2c99d15d14fad28f9c20000000a3f44022fd065d675134e7cec911aa6ab5d2c10e663e8d684e5a77a9a3bd8e1840000000af5ebbb9d0eeac59cb19cf3691515439097b95cda2307754bd2980d8b9af9c7a98910533bae19062a4db25d7e072131b7748fd8c22b76dc1baaec1ab04b3ec05 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426114" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00eb2a564bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C805E5D1-2957-11EF-AAA1-627D7EE66EFE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:40
Platform
win10v2004-20240226-en
Max time kernel
141s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5396 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4300 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4908 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
Network