Analysis Overview
SHA256
46f3f08a2ce79986a43dc77afbdec6998fbbfded8272be8d85dcf95cf5c042ef
Threat Level: No (potentially) malicious behavior was detected
The file a4782278320cc1b57ab6683fbc6ba701_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:40
Reported
2024-06-13 07:43
Platform
win7-20240611-en
Max time kernel
117s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{36AEC921-2958-11EF-A8D3-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00d330c65bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003c0dc3d8ad93d7941a79fe68af54708b4dafe4bae210066578ceb2257d429dc6000000000e80000000020000200000000fef92d5512d67fa4d6a8bca7dd44a81b2af1f2de4217b6136237d13b848ff2d20000000a2a7cb9dbcd7956c4f293fffada60f7ea86607c6c428b567a8d95e18908bff1640000000d16b7fa79aecc1ada3907bbe5cf956be34c73e0e55f86984d82429f9341ebc64497a5b36491fd6411df75c6b5fa363fb42ef31bcb025b16f21a8e676105e6204 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426301" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4782278320cc1b57ab6683fbc6ba701_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | oneworldtanzania.org | udp |
| US | 99.198.127.106:443 | | tcp |
| US | 99.198.127.106:443 | | tcp |
| US | 99.198.127.106:443 | | tcp |
| US | 99.198.127.106:443 | | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:40
Reported
2024-06-13 07:43
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4782278320cc1b57ab6683fbc6ba701_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4264,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4348,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=1968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5332,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5344,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5912,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5884,i,16856304285138459032,14480077487839828721,262144 --variations-seed-version --mojo-platform-channel-handle=4080 /prefetch:8
Network