Analysis Overview
SHA256
dc9bcf987808f0d6531100b0f781ffde9e08be2466bd43c4a9345664250cc334
Threat Level: No (potentially) malicious behavior was detected
The file a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 07:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win7-20240611-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary data not captured] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B1327D1-2959-11EF-AAE0-7E2A7D203091} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104da91266bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426738" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e8801b916c63e6610d3e87d17180eca1fc33de600a47ff3ad02a2cc09ff17b90000000000e800000000200002000000072e7e091d0bb9d0f74877fac50e583813a9d87a5e1333a059ce829c5325256d720000000d5f425e3371cd83985cdb2f7ed503f3d48fb008b1ec88b736e2cad8cd54677234000000009adaa0d11e7b5e8433b0c0ce90ec9b4c8ddc3c725e7b00286d86b71a104f91cff4c855cac2379d73d84d7d5d9df286673d37979c389540691bd810bc6bcb5b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2268 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2268 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2268 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2268 wrote to memory of 2948 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 07:47
Reported
2024-06-13 07:50
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
149s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5728 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4596 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5392 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4052 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4244 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
Network