Analysis Overview
SHA256
6309226f6372e694d51d60ef6fe7ec6e0de07a384ab3f005efc62e1b2208f4ce
Threat Level: No (potentially) malicious behavior was detected
The file a475b80213d517df69b2741a0cc1d3fa_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:40
Platform
win7-20240611-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000c6faad8ecc33d57ef2f9d28d072f9304643231baf9a48182ec5312b3fcdd5498000000000e8000000002000020000000526f8e8a4dafded9afd69b032676e0c940ee5523350139caf29845d0a0786dc920000000b4dad220601ed491bd5228d943b148a628b3b7c81c5a6383469d7c6f9c87a45f40000000b5bafec65fc48dfbf76c1450fdd0677266390cdccfaf5166f152f026eb3a4b6b3bea89b0d12ece1d36a61087f8cc2321cf014eaa0ace5baa70693e13a8c2d5f7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2966561-2957-11EF-A0E1-D2ACEE0A983D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted from the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100a75a964bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426132" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3056 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3056 wrote to memory of 2432 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475b80213d517df69b2741a0cc1d3fa_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | coinhive.com | udp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.165.117:443 | coinhive.com | tcp |
| US | 192.0.73.2:80 | www.gravatar.com | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 172.67.166.97:80 | saltworld.net | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 192.0.73.2:443 | www.gravatar.com | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 172.67.166.97:443 | saltworld.net | tcp |
| US | 8.8.8.8:53 | gamingw.net | udp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 8.8.8.8:53 | i1.wp.com | udp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 192.0.77.2:80 | i1.wp.com | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| US | 172.67.160.162:443 | gamingw.net | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabE26.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarE39.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | cb85f3fcf86ef0de7ef258539cae87de |
| SHA1 | c73288fff07885a62f8c7033b348863ed3b8cad1 |
| SHA256 | 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f |
| SHA512 | dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 63cd3771b25b45db98706f7bc6564935 |
| SHA1 | 2d698be5de1bd12a9f2f5f12af6816b6d7f6b939 |
| SHA256 | dbb8500a8699129667aad872d3b6a34514b8ce5ad1589953aa719dc139007463 |
| SHA512 | f8b62ab8dd48afdd58c1aa426c1c4331186c5328dd0aa8047a261d6e9013d07f3147f5e2fcc34058a0866603f1623daf5c91705447a9806ab17deb28834311dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6a99e0c74e19e9c4502a5d028d8383a6 |
| SHA1 | a8c0425d74f3c64ccf39bcfb20f674443da0e02f |
| SHA256 | a5ee809f8a462c7bab6bf9242511743469d09d8e5c9f188030f7b2401513bfa9 |
| SHA512 | cf2d9c1c2a94cfe39749a30f6565a1459eb2cc0f7f559726f1a9751ce95b42a45fb0027fe6cbccc0f7b755295f6d0d6c30f5f699d3d1e448955243b0d5cb4ee6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eab06215b505ff7b7f56a2ca177447b8 |
| SHA1 | a92d4c3f25a718a23c7e0dba842c4d50d68166ef |
| SHA256 | 36a39f9f1be4be3ee9c2a730f21ded9c36fe76d9e4932804e927543cb635d3e2 |
| SHA512 | 9b7eba4497f06d8067ee461f3cdcb46985eb1daa8f0e12682377277d3f2b338dd14c9f31f1fca76d3a4ec605658870f4f87b152840a9b98b0b3bb5fbccf6d0f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 466912200c2e65418f946b0d0354ebfd |
| SHA1 | 8a9c1016078e6623c18f1867c5c388e3197ed2b1 |
| SHA256 | 2254f3aafe20576585e7ade3c6f531700ed58406259600dd2c0eb1a89370b7eb |
| SHA512 | 3f600a84643ad6927d3e6ff01a086d3638b142e1db9b1d43793fcf42a11a913b37a43ffda110fa9087857e8d73b9214efe7c87079e20fa75cccfea08aa7d4fb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e612e3d21c80a0ea489c80a65a21e2a3 |
| SHA1 | a271872fca8c55acc0456222144f9197f3263ec6 |
| SHA256 | 1b92a37ec9840287ff5ca26752ee780cd8e2d7745530658601c0e384147ea4ea |
| SHA512 | 06595b2c0b4f79829697b430cd038baca225e1f1000f732ad3d0956004ddd39f245bcfb8af4977d169b3f35a2093c55c8be30312a2984d399e3e37c7a7998f2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed062ee2bb148cb37ba2a1ade66668c0 |
| SHA1 | 83f80be0e690a75d0ad5580afc2d1eb905a81e46 |
| SHA256 | 0a13ae97d716fc6bbd90bda606350f275cef0418fad084d9866078fe6877290d |
| SHA512 | db447bbd2075b2d26be85300ff5f33c7ddb33a7e3afb53ea15100a3055135f68a256988d82b1480a34c984d49d9eae40ca1c016952be559f86145e4e9d5e59b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9ae1513c7ee38fe0d93496ec1252122 |
| SHA1 | 7e811bc3617cc8d85252f35eb62a29f16c51a89d |
| SHA256 | d369bf563cb5c1431a863c3af710966e725696d4847b6b7dc4c57dbdec1ba1a3 |
| SHA512 | e6cb68dfef0facbe075613a9d549ec278a7664959bcebd27651d1cea5c4d84dc1c948488aea0923e976d11db821be4de6c65fa79a688cdd2a829c3190825ed1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 460b07d3a619064a5dfc405c6c6b74cd |
| SHA1 | 95300bd3925ba533c763a3159d965cdeb66e8744 |
| SHA256 | 2eb68a70259d2c43d932e0660227942e3fb5df5011afb1f1e07994617d9a458f |
| SHA512 | 29f9d97b2c5edc971caa09e68d5e3b563e47532391e384268520288f78ba0bf6cb4965547996531b3073bea8791d01221713f5b55eff31d6208b27cf1ee09b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afcba8d3875f69d9b90dd855839ee8cb |
| SHA1 | 624a3832797ab797c27d7bdc1a780624b735d9a3 |
| SHA256 | f7d5af9043cf671cc61082a5106e08a5909832f4fce7918110d9a8f1a8da2a56 |
| SHA512 | a458050f3ab8d4b4e0033c418870b893e04b3d9be217db49c00848a08ef7e064209bf23c8e9a301469e19164cbdf2ce1fed4241c431add14ace2b3188ef62629 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a55bd00b91994c51a98c488f662e2b21 |
| SHA1 | 04cff536924f2ffa4a207667a10f0b088bc496b5 |
| SHA256 | 73a1cc87b8b894b147686e130b9c60ba93142c7c5b8e39d54a55394a7274e8be |
| SHA512 | cadbace3e35ea4ac457415a5741e20d187140505c100274876f5540899c26d3a5cf1f46627d24fc2efd0de8033f182c84bfe09f3d68199af4f2c819c90ff2464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4aea91b0be245d196c88115d0dc9410 |
| SHA1 | c740b8d2c8963cf89242ec05150a97e1b0273cba |
| SHA256 | 9c706dc0e95f2c31f9280b785fd32d72ec713f638aae37368c1b7721f7ac83ad |
| SHA512 | 982b58969c458b91ddf9cbc36d7dd05d437eaab7900a5e96c4472417b939079a489d1004525563d0016b0eed58cb0aee0023c02188ecb176cea108d47e88ac96 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba5b45a94ddbb311bc08024978f6f2ee |
| SHA1 | 253e05c91d3aba0173687bdf40413461f38c79b7 |
| SHA256 | e7747adcbdbd605c20bfbfa1f8fc4c83f255d2a7ce78dd8c683bb0209ba107b3 |
| SHA512 | ffe2389286048f0ab801b8941b4f2f7b12098f07f5f24410aa3cb076af3d29be630245816957e8be99edbd6ad3ef03da1ac3760c42dd9392c37d5e2d1301bc9b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c6c811055c67bf0bd870af2a24cc5e5 |
| SHA1 | 7d6ef980f303eb2f761a2e58278bf5c1f1a7064e |
| SHA256 | f9f5670ab8c3a9c247a45c0780045d53c75dcb8c60e9c1b57dc596a94955872f |
| SHA512 | 286c5650e8a20428e54c6d2c0810e6f4d3f2e348a87f2d54bcad4d8249554d3d72abb2416517e5d7f9858f38972469ccdb937ab5ca46faef9b0fdcda94ee15da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd587f7c1c44d713c64bf129f4d53aa5 |
| SHA1 | 9a68f48a46bc8a8b73346ead85d3be0e6e7ccaf7 |
| SHA256 | 80c8a7fd9d5b0519db8db857e039e1c66b855f38726cce87b5ffbeb681cf8955 |
| SHA512 | e5cb798fe1df4108ee7e998bc9537b9c5d04e1ea51f7120bf57af120f53303edb25b75be298ff4872dc27d42b2b899f7d7642860f8397797956e95a1a5102075 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | affd8b104fad328f448079355d898ec7 |
| SHA1 | cf55d5609f8ee7ba9ce82aaa1c1614dff1a91567 |
| SHA256 | d59b2f74604b69c23f70e3b581858c267623048c13d9a0c10a8bf728ba36d90d |
| SHA512 | 54f2f626318bdd04939dce67942717936a035f714bf8e7f7ebfb6308b2967a2f5963e5e189c45749bfc92b83f201057de86d021047382817d6cb72b08423cdf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f39fc3e43f89bab454af324fb98d4e34 |
| SHA1 | 0fe3142d1d80bac5b2e2ce2a96bdff7257431f4c |
| SHA256 | 6f84c903262ebaba8f88cabbb977076b9207086998815e6f7c94eb7e61a7969d |
| SHA512 | 24c837355b9f2d0d7dc1352e5f585a045c52972d7a445c83510018cbd50931f313cb6da17c8e9ddc517cc048fa21db4ceb4705e5aaf3a84ae4fa7a514e9c20c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 872c631310fff46429edf1b214fb8c0a |
| SHA1 | a49990df5371ff1cb74a762270f42751a8c587bd |
| SHA256 | cdb8825ac536ade2c544baf68ccaedeb9b5240b882b646e6a09741264028a314 |
| SHA512 | fea0288812909a75201d0843908cf202267c4d9b142a044a8e9e7c70ad1cce002445995190461e4189c109323e0ee112ababfaed5eb2065d96a28c960c547c63 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab0f3356cd57974be11fd7a155633b8e |
| SHA1 | 572a97ef4e406f3f9475d10a4ddd74da833d5e3f |
| SHA256 | 2181b415e5fe7a8bd12ac2a5db185f9b00c7b3a23719db04ffb36856b0b128ff |
| SHA512 | 44b2738f7265722efd3c030250dadb6ddd553646b37c662d218684cd1a4e449fa34cd3a085ef4d5bb4182de3039638e97dfade84c489c61d0a84e6c8cf35ec22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5293fb0420af52f99b5cd014d35dbaaf |
| SHA1 | ffb15020423a85b4ba0569ba8efb4cc8adc0f748 |
| SHA256 | 27062ab3bf66722a87fe0187c5aa62c9da57019b2eba736b3b1b0a3f965a9da4 |
| SHA512 | 94c1f5c1f00356f70082a0c630d950b083d6e40dc9470734f045a9f9dd85f8ae4a18c4958b08afa750f00bdd79917ca8e6ac0a15c6c95481009217f7779ed545 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed9afcc647b8c50712a51b7836aee2fd |
| SHA1 | 7820ca17b630e48363bc7dee2cf439cb0024d4c3 |
| SHA256 | 996ed8e7d4916ac36657f6966b821ea2eb00f9e81d26736fe86d36f1251907f9 |
| SHA512 | cb1a37c246091981fc21a768945eb6df82d4156afe3f562c1200e816a7de6d5ab6033acdf5d0e188feffae3d1ed4d0cceaba9605d6fc39074470dba5a691ced6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6d6f9f5645416bb01efd49ae6d3b9d3 |
| SHA1 | 80bde22e3829aeedfb0cab3970b4e4a76e024483 |
| SHA256 | 61fd8d17e81f904d888799edac2b1cfa491fb21a3ca9de71f30ca23d7bf2ff2e |
| SHA512 | edaba4f24185e7848351362525fec87b5d5b5a85e8b33d41d444f1ab6d4d6c6f0e72f867b82f01aabbeead8fefc11a359431c027f51b158f22be096d9c45e35f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b89a24168a67f82899ddcca7264ab554 |
| SHA1 | 511cf2ecdef1b60648d7ab28da8ae49b5844eb68 |
| SHA256 | cf4ac437ff99c253a651ddf73b66ac81a4543a2ad33f0ac9cc0040721abb4b48 |
| SHA512 | 14c545e5a97b1366691b33bdf0927a49442fa9d7b7b7da2be6d9ad316ef20086bfb966d5724f366c3cf29280891d738d298166ead8740c91e30d349b57765d4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 45cef7c36608839c3047b12efd225b8f |
| SHA1 | 2ead5b74fb1ad44f0b9df3bc4360d4049a5f6533 |
| SHA256 | 794998f0fc6c6dcdc1fd18881477f141572152b43fbc8ff8c1396296ff467be9 |
| SHA512 | af604df7d303a4e50cd698202db45b1be7ff2eddba6a5042f19fdb896974dc213cfc0709503123f908332a7a1e20e304f8965d54ffad26e1fbeb880593b15623 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:37
Reported
2024-06-13 07:40
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475b80213d517df69b2741a0cc1d3fa_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3792,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4000,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5280,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5284,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5472,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | www.gravatar.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | saltworld.net | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |