Analysis Overview
SHA256
f35eda0ef982cd3fbe651f1bf319d0c14a3780afef3dd6f4789c3cda78e4ebf3
Threat Level: No (potentially) malicious behavior was detected
The file a47d484aae9d1528c64d3099801b1734_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:46
Reported
2024-06-13 07:48
Platform
win7-20240221-en
Max time kernel
149s
Max time network
139s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426654" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000038a5f3f52dd244989f0bec0b9239d990000000002000000000010660000000100002000000033f54181ed33abce2e4e4a4c8892d503c79a25622b7bbc25f44f55c4afbad79f000000000e80000000020000200000005bf92db03d8c8a72f1937889b5c5caa0a585381fa81f259c8232f28ee4e1f001200000001cface750ec4e6fe14583b7cb0e6d28979726fad0e6be97336523c9b2d6fc802400000005a62589c1ddb814123148bdb9d8ead407a9df5d9deead88d0bad68cb34f2d9360cceae1d602b531891f5a2f0e88c06bfaddce4317e7a0b131d39767bb54320fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100740e065bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A47C2F1-2959-11EF-A304-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted from the captured report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1812 wrote to memory of 3004 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | infoinstytut.pl | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.234:80 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:80 | fonts.googleapis.com | tcp |
| GB | 142.250.187.234:80 | maps.googleapis.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| US | 8.8.8.8:53 | download.castaldigrafica.it | udp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| IT | 91.142.143.25:80 | download.castaldigrafica.it | tcp |
| IT | 91.142.143.25:80 | download.castaldigrafica.it | tcp |
| US | 8.8.8.8:53 | e-sistemas.com.mx | udp |
| US | 8.8.8.8:53 | e-sistemas.com.mx | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | N/A | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab349B.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar356A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 07a44a4edbfc046f875b19772fcbb98e |
| SHA1 | 679d911705b80366198c47b8b39a5fbaa9ce1576 |
| SHA256 | 05f4c9ea0ffd17f4ca291bf41e2977d870185646299704d56f4f5fb3b856258d |
| SHA512 | 8cc5c96ef01c370993fc14e12b11f6b31d7285f431ae9c523b869d872e6dca2a657c7f5ed607d18ad8c6aa9789eecdfadb4298bd09d7f1d645fb02f86051907f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d7b387fdd23770ee29d0958eb58ce090 |
| SHA1 | 9c1b560ae7611dfa425d57ec5a66c6109fe7c65c |
| SHA256 | 3e66e65bfd747c3426ea1dd6eb3fe9fd6560e4166e3937ee1b0ba44803db5f12 |
| SHA512 | d5484e1f0cfa14fa85087fcba2cee97f05e3afa71bed57ed4d86c46515a4ae29c243989161066c7516072da16f4effae084792a6f7a8f428f9685b6a202ab3e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d3e74b70a5e198d2c3de69cba8bd090 |
| SHA1 | b148b132d8a6caf3a608b0e9e18d6057aabf31af |
| SHA256 | 288da07fdcaea051b6a7cd03a651d415cd838aae9ffe4b10c826d54a362929d1 |
| SHA512 | 5de38178ef42abc24dec90effe159917fe340c56227154d8736bb3e9932c0ffaff978a7479977829eed2af10c15cf119c6fed2334f67a6f49aeb79f64876058f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 12e5db8cd82b92ab552a3f443e6603fb |
| SHA1 | f6b88fa04fb0cd943efd5945eb5cf334e8033c4d |
| SHA256 | 2b71f2c16e23001d3a10a0c937f4ca98e1800f31029cc13d5ed0ce555e48a005 |
| SHA512 | 7060cea49c4d6e9eda7e08cd59d77f37fc0d6420732b29f90dd3d3d1b7496c01aeb5b6c110bb29a61cbc93cb7607bf4c738183b31ef7ae07a882338f1d6d5716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 364c364e8b99faa57fdcf2dd7a6a3e89 |
| SHA1 | 9574466424765f92c2c8e7528c8298b7c729031d |
| SHA256 | 291ac549ec13335dc0dc91bcb468cd92c5fc2cedfb14f37ea0164f50d79d484d |
| SHA512 | 7f4cc97271a8c1977ce92cc9a52695120d91f650b1050e183f2400bb5db6e1af9e3025b8bf5603104b03ac63dbdf889851a13b9d743dd41a7006bc8a9add9f52 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa44b34e8a9f909901aab7e7104d5621 |
| SHA1 | 7ecd2d2ad10cd9cc114e753cf6ae5cdb95f313a6 |
| SHA256 | f9cf1f4f8636321fadcce929bc871f51587d4b500822da7ec35318b435c6c1c9 |
| SHA512 | 1067f49c445a680e8418ffbfec8205dc7a7c0020f383a589c8b773c85c7b5aecf613809a5599f62d597f3f80e65446d032a8863f5d3e7750ee227ec5882e81c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 98f5fd4394a902f194188aecd7505843 |
| SHA1 | cbd7e192bc4de93a65488c82223d6171446a054e |
| SHA256 | c3b70a27c0de540e96be42ddd88cecc965578768a09a74308b8c6e2370e744c5 |
| SHA512 | b0c7dab90b0ed098df30abd1f6c20d25546aeda81467b3b9b3443049c14cce1712ced7ac2f62a7c4ee2d25a0625edcb2c6dc9c532e20da7bddd3b84ddab25b74 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3802028398463da9f7b060ed2d1215e2 |
| SHA1 | 980c1d4f868497c5b3a38fa2a013f34953a3dc24 |
| SHA256 | edf54a5cfd66243e3297b676aee06a063e2c4243199540d7d68bea2576d43a71 |
| SHA512 | 6d98848b92bfe38c7f17b2e885875ce045ea941117ebf607bfd580e75834f59a38f0d5105dd34f5116bf52b3b9cd0d1695ef9e3a3d12797f79d9d6c3b6e64c76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7a7a4feebb2913d2fa16fdbb226027c |
| SHA1 | 59aa12477b3a79d4b56bc798a25d4da120849091 |
| SHA256 | 1dabc0d061cb8d8e81d3d7d064648a4fe1e6de4729b176ba73d6e54ab55e2aaf |
| SHA512 | e4091ac550ec6a8cc76711046e3dc5d1e128b1a0cc5eae493672eda83adde159040a4f84b8c1a54c33c3c1bf5875326d3095a5e25122b897f460f80ac8106052 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a01e6e2d410147ba1e5f17443a404197 |
| SHA1 | cab9092698c9e8ec7f81a683e7d52a51270b5a60 |
| SHA256 | 8b13b800156a26e1605364553c431168057fdf40ac5696c4fbcaf14415f9f2bd |
| SHA512 | 9f66e163d992413802e7212a2b120c961eda99400fe90449236a5c419b2ebd5945461bf424dfab271118f84908c5eb2a2d45ad1ec1b0a48ee4b50abd282fc7c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b7ee8a91a450db200de9c2c2afa5cda |
| SHA1 | 773755a30ef64febad3e4579f1f3e852cc75bcb9 |
| SHA256 | b9dbc07159397f869493aea2d9e5b0e2dfc462c876bfb35dad0448499ffa1820 |
| SHA512 | 68e9a3cf8f9dbb214ca9a62cd55b032c559783fa00272d47c26e491804e264b0654e9685af4271c4ef85db8a3405570180a56e946a4ed792029fb10fe0d24376 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 705331bfa703a2090cc6d9b614dcd67e |
| SHA1 | 077a32bfb54bba12391849a1c1fada496111ac3e |
| SHA256 | 83922a40f8a7f03b24339dce79e60ef4be062b0c3057ac2cd20faa5c6021b484 |
| SHA512 | 57a5f070b9ae0a4b62d13230fb905da37824fa8d0a580ff05c7e07bb215febe6e8691bcd190c303121152e7daa961319019c12776aba06225a293b4568aaa924 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2548e39b7f97104d0cd0f9d817d1cea0 |
| SHA1 | c19c2a43d94f907c88f5107791913a12c8a5efff |
| SHA256 | 431d0b44f21bf47eb5676ba192e2a642f76fe1cf9e4473bb66076a64b95a164d |
| SHA512 | 5d9654d9baf789008ec64df9927053a2fc25c5237a79b25f2e312f93271a04bb38b85d685fb10fdf601bed7615e846337f033f7a4b462bd9faa90e7d8b550d94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b56185aa19c6accb152800f1baa14ec4 |
| SHA1 | 50ee8d33ed87f9a2d2419d8f886f2269613c8977 |
| SHA256 | 99b5ee5415a74dd6595e71a530eaf585dd463b953db7f5eede7ff30ebbfe1510 |
| SHA512 | 531efc5e4577b342be6e6214c42c6d73fb128e726e298fba655728b40980e1cb43dd31ffb82ff578c802aced8d612a3567a5729ba23f350cde6f52d7548caf8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 95502bc1bbfe7e51ad3c190436111e52 |
| SHA1 | 1605fdf1167f8c3ca1d4040fb959e182d96d85cb |
| SHA256 | 117f513544753179b39b4709e3888babaddb11c0760eb3f37c02a4a064f320ad |
| SHA512 | eca3827d675770ffa359b495c1de1d5747d32787599920b7586abdc01b46290b6fc00d68e6425fd09bf2f8253f5f4e21665a3a4eef3f49b7db6861b2e8e30dfd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a07509e27ae624f525ebb4111cce44bd |
| SHA1 | 4489f6042785531818b5cfe85a4d84c49f56bb06 |
| SHA256 | 25b00ad50d4a9954d90508cf4dab52e9a2aab8fc721aa71dc4591a2be65ed2b9 |
| SHA512 | 211b25eb27f63abfdc13a49ca12625cfe042bddb5c9ef1b373f2e90dcbee7a9d67e45376669a30cc2a417bb36a46a98c99ba6f58d8e834d1cb59244964a1cd08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34d0ad9ade3686cae7310b6d97269d97 |
| SHA1 | 13284f97ec907f7303cc7854ecfded5e959f86dd |
| SHA256 | 89321ace71464014eaff35e47e563620090e66f6e3abbf9b08c4d27084bcffb4 |
| SHA512 | 84aaa434ec958dc2d69453214dd652347a047c59de13c3f68af2e0dddc810e6d660838b980f411801ddb738d77a0324187fd92f4dc8e938ffe1e8e94aad02cf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f64b1d3e31f5d69d36fbb61b3f668a57 |
| SHA1 | bab7202bbf3c9057ab0f13994f25b695a358a48c |
| SHA256 | 64b597b755fa62bcef3c14199e19c152f1624d135dc9f02349a4852b1343748e |
| SHA512 | 1492c7765a520adcdbf3249fe60584f606c46b397990c3dfd62c569cb498b7f97e3195f4c21d2887de001529997edcf2b703e1741a1563dc23f488a7ceb54870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88ca3d2da0abbbb4994397d11732aa95 |
| SHA1 | 6e06422e8ee2cd0d207f61b8f07e67bf9fcc440d |
| SHA256 | 1ba4da7ce2316fcff2798a0bc43d135372c7341136f13ab37a90fabfb143910c |
| SHA512 | 7c8c55eb26e29ce0aa63b8596ea22cddef432a1d2326bfb654e0facccbeab50460bffb0d47e00815d701b403d2d5b230304b64de9e1af2cf1ad54602d7629980 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d2a4ae3c261db7c2ed38fade880f7b1 |
| SHA1 | 4be64a76436eb62ba0a88c996feb9da327096a70 |
| SHA256 | 9f2d2318035e0683b601e986d002be71c99eeb2ebc9d749f405bd0198feec4f1 |
| SHA512 | bd086cd6b6a21b1670d1983af9c99ce8e5d29cd12e2e5bd74976ee9c5ddfbc0a22459368d06043a11a8cc75434669f81a668cac4f571613c19ba7370b7b4e3e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e9cf8973a605ff4555a97577142ffa2 |
| SHA1 | 42580abf70f0b0616401dc96a47365ca85a00760 |
| SHA256 | a57d4640fa95fee639691f621353a2dcd5205d415cd48516ac8cabc730ffa2fe |
| SHA512 | d8c5e471f5e382483690faa6346e6aeb882bd66599a0e1533371781851444d76aceef8398da60d4b15dbef3d99b5fe64329c73d63e22b06c4d5a6abd264711d2 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:46
Reported
2024-06-13 07:49
Platform
win10v2004-20240611-en
Max time kernel
129s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4640,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4920,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5212,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5356,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5508,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5960,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5648,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | infoinstytut.pl | udp |
| US | 8.8.8.8:53 | infoinstytut.pl | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| GB | 142.250.187.202:80 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:80 | maps.googleapis.com | tcp |
| GB | 142.250.179.234:80 | maps.googleapis.com | tcp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| US | 8.8.8.8:53 | s0.wp.com | udp |
| GB | 142.250.179.234:80 | maps.googleapis.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 216.58.201.99:80 | fonts.gstatic.com | tcp |
| US | 192.0.77.32:80 | s0.wp.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.40.255.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| PL | 185.255.40.57:80 | infoinstytut.pl | tcp |
| BE | 2.17.107.122:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 32.77.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 122.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 142.250.179.234:80 | maps.googleapis.com | tcp |
| BE | 88.221.83.218:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 218.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| BE | 88.221.83.234:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |