Analysis Overview
SHA256
4f6689518fe66ce4d0f97b7cdae7d536b146045d694dbe3f1d00abed4c167af1
Threat Level: No (potentially) malicious behavior was detected
For the file a47db7a352e3091f7088d48f26803e11_JaffaCakes118, no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win7-20240611-en
Max time kernel
138s
Max time network
123s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426735" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900a124e66bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000500f83a2d36f991622eb952a8a89215d1798ea120f66808bd660137b41cf44bd000000000e800000000200002000000068a1b214c467ba0bb5435b7f6954d5fa706761f6077f41287318db5efaa01ab6200000004f39f99c0e9da4404c32d8fd1b4754e33cff5bf2d1d9959859df049ce432b3024000000068d249c420b1169f3f1f4efd903d2090f845fd1fdedc8400e97ad310fb6dcbfc383951e1ef26f4e3a9d8b3349e7d933c06f6e894093ccd485d2fe91e03579e6f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39BF76E1-2959-11EF-AB87-5E4DB530A215} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2984 wrote to memory of 2676 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2676 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2676 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2984 wrote to memory of 2676 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1044 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3704 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3416 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4352 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
Network