Analysis Overview
SHA256
b223f809f45c6551d82c75a251ba7aab1ac2ef7d0aad9122a104707347750145
Threat Level: No (potentially) malicious behavior was detected
No (potentially) malicious behavior was detected for the file a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:46
Platform
win7-20240611-en
Max time kernel
144s
Max time network
147s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2FF9B41-2958-11EF-8144-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426484" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000091aee292972bbb02b46f3a2f65881f96ce74a21749730ab120703f8178a3a311000000000e80000000020000200000007d6fb2cc44a276f213d9d472ed8c194be23d665ccd5d25020f5e820b074be95220000000853ffdb0142ad9182c0047aad37f6e6684711e4d8ae5735093511fd29d5db20e40000000deeb1790530e866ca513fe1cf8e98b4c7c9170b92a8f573a5c25d6b3811bac7c9eb81cb1a62ecd3bdade27afc8e0e9168af398714f18bde883933cec5798e39a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0865d7965bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1688 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1688 wrote to memory of 1420 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.78.27:80 | stats.wordpress.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 192.0.78.27:80 | stats.wordpress.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 104.22.70.197:80 | static.addtoany.com | tcp |
| US | 192.0.78.27:443 | stats.wordpress.com | tcp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.91:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab567B.tmp
C:\Users\Admin\AppData\Local\Temp\Tar5768.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:43
Reported
2024-06-13 07:46
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
153s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4700 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5076 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5928 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4012 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5660 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| US | 192.0.78.27:80 | stats.wordpress.com | tcp |
| US | 192.0.73.2:80 | s.gravatar.com | tcp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 8.8.8.8:53 | stats.wordpress.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 8.8.8.8:53 | s.gravatar.com | udp |
| US | 192.0.73.2:443 | s.gravatar.com | tcp |
| US | 192.0.78.26:443 | stats.wordpress.com | tcp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | static.addtoany.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| US | 104.22.70.197:443 | static.addtoany.com | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:445 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.73.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.78.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.70.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.22:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| US | 8.8.8.8:53 | thebutterflycatcher.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.169.42:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| BE | 2.17.107.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 121.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| BE | 88.221.83.249:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 249.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.64.52.20.in-addr.arpa | udp |