Analysis Overview
SHA256
bd78c4c7c1ced1636182d1666deb186d54f929c10b0cebe58da3e2c907d08096
Threat Level: No (potentially) malicious behavior was detected
The file a48bfed53361d63ce9d1da03c2db8a8f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:04
Reported
2024-06-13 08:07
Platform
win7-20240221-en
Max time kernel
133s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A115A601-295B-11EF-B012-52ADCDCA366E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427766" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000028967ccb4034b24d81f382f80ea76ec600000000020000000000106600000001000020000000d0a07de1b685b1cec77949a6a5e1691890cb92bbfd29535a90145982a8fa0922000000000e800000000200002000000039fab1e1ad84a78d4b893f0f9767e6b619aac22f68c08066bd5982c0b821fce690000000214792ce699e979fe31b85a3ba57d00345d67f3c020459a3b3ecf7efd9752c3c733ebd9c1b3c2494bd7cab5900dfbfa167809afa2e6846f1a87af488b167481546834186e089c805aed7fd01b4afb6dc0edfb98b27a670941553c0e9c6a5c05b65882124133aadfcd938aee91b85501bea0e769b4a22c3f172b843e4ca8854710c1dc71369c065fe35bb7b470e4ca50840000000957c8c28a06ba1fb816a10857f75f37d250b3877f4b8ebd47bfd68ba0f45c282c129ad09a11d800aa173b6b1d4980259fd7c86dbd4ab52cfe90c3af43d80db5f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 200e917568bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000028967ccb4034b24d81f382f80ea76ec6000000000200000000001066000000010000200000005d01bcbf3fe9ebe4837e379a53fd6f1ff321593112c59d1d511b5e07190fa434000000000e800000000200002000000005fc5dcb981a857ebbe438147bcb63bf3191e7577efe00f22f7693dc51ae5b232000000032993f60941bb99020a4cbac55035f268f30e6820962d8d8bb6bd5909e4964644000000060ab8ecc8e62548d0b800892efeb414ad2e6cece6d6df815c9a3d23f5d28fc7530cf154486d6ab5e01bb717836719fa47e6b512954cf9c84b4cd7b1947102af8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1288 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1288 wrote to memory of 2224 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48bfed53361d63ce9d1da03c2db8a8f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2262.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2353.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b0e784eb4c299c85591a1b164630616 |
| SHA1 | 91f40e1655a608f87be02f214f9fc65bb6a36a60 |
| SHA256 | fe20d9b6786d3391763561540b62a71be8ddf01bd7b3d04d0b76460c04e94b17 |
| SHA512 | 76f061d22326e10fd1e1acd12a2f3b4e9629a1fe159397bbf276e8a028d39d92d5a0a869b5d241c2683aaadd7f01dbc7d7353872f74eb4e2591207eff66c9de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fc446d68268c760c21a22d2a51073831 |
| SHA1 | 23ee59bcb89adadf8a186ad8a9423ecd4d55c180 |
| SHA256 | 6443d3465b5a87eaa3b33219de9f59f5f606caa1365084e87798c17f15b62468 |
| SHA512 | 7bd8bbb9bf42ded81e1fa0f4fd369055ce9e9cac2b590f410f7966a1d857db2ee5b3bf9db95e48c2f14e91210cfd36e43e2cbb35a108412668ed8059205779f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 636b84413d461ce0120db306701c5c70 |
| SHA1 | 6447ec897146c137cb3cdae4e496a3afcdc20b72 |
| SHA256 | fdb151556595559832df0bef9cf7a6b6a24b33a60c29940e6ad02082477bd799 |
| SHA512 | e85b70bc9a8d5b9dfeb9ebb1b53a508110b8e862d37695550c84f62347f27ac38fe92b37be7e9c8d2a1bfc634d6faf9bd5e4ae78f48dd6a1c01d142ddf6d2427 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4086a701340b9a37a680eaebbb1d33fa |
| SHA1 | f0706d15ec0fc55f83a055c54e7c24a801370b63 |
| SHA256 | fe10412dfd54906d311efb00307a6f375a52d28f6c037cb3d34de0df26ee8aff |
| SHA512 | 79ed936420c95a3b8a0119f7948429329ec2fb952b4547db094756b1977419b15162da3c4df5c415b6b25e89600f0a131fcf482c8f63530d0974632c8b57019b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d131f4605da79f18e58fbb54820ea7ff |
| SHA1 | e054efd215662c2577776e415c223eda18b08f15 |
| SHA256 | 2f6459f73cc0c619871e64d2e622edcbc815f851c94b23acc6fc6ad9144a5218 |
| SHA512 | 6ff0b9692714c1e2c2402c4bd140eec24fe7f3332168eee34b715c089c28d4afddc18dd8f5e57747b9b7b6a151b8f385d0327446747ac345822c4d80439f9543 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80d87120cdc5c8162688d378569f34f5 |
| SHA1 | 2cb3ae51be127b6b9a5eea9c9cbb793e16fb9fb2 |
| SHA256 | e7abf64e419f6b432b221a171d2e3afbc68a28e30a2ae354c363c28fe1195098 |
| SHA512 | 95f5ccc485f2870e8ec2b8fcc34b5d7f43da491cc78db2fcdc24c8bc06db0c40551be81517fc1a2bc75df8c7ed5ecdc89a948a33492a25e22462c4d80f0879c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 650ded3ab1cf704f5d864c00006cda55 |
| SHA1 | 07e2dd951db4cd673402c14429bf4f7fa038bea1 |
| SHA256 | c96a68a4e0c5d9f5c633ab3839b8b2bac1b24d455a4b12c60e15b12fd6959910 |
| SHA512 | 50f08f92fe0f30cc3e65bf48d8e8a3eb8857c7301474babdaf01f69957807ba031ed36d9073a3399283f77e9019b7a1a2a16eeaee9e284555d1304080b95b26e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 599dabf440db1b32bac58b997fb8ac1d |
| SHA1 | 8763fde714135d21af508a56f14eb7eb1557280e |
| SHA256 | cc8e5a7b437e78499380eeab2470bde5ac03f575dc88f12d01b52c275b2604a6 |
| SHA512 | c0e7b81969f254b9fc64d3fd524aa5a51a518b74add85779b73128e48f965452e130046ef96c5ebc3b443d5c464db1465784b2705c93da7e881b8fcf2b0c45c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f49c315c735b7669ec8e21adfa3405d |
| SHA1 | 58dfa4b12f9065fca03534e0148d89438a3f2d14 |
| SHA256 | ea324a89f9510c22c4d39e02d1d887f0be0d6b02e38472d8ae0acd59da59637a |
| SHA512 | 9004468c0683ec8745a4be384b72f367d781de67435464c3847a2cad61f736047b37c1d2ff8d8891df10b230b41f3c364d86e5c7c6a4a5943c1da4f198843b94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 558f9d8af16b8d5da57d6f882712dd14 |
| SHA1 | a5ddcf2a6a866107c07142b467483341961c1726 |
| SHA256 | ea648c3b29c6c0cba2d558cd98eaa70bdb655cfa369e961de13627635aa885f3 |
| SHA512 | 1675cb1cae29855f41ec2192f1c917739169d9411302560708ae25cb8bdd8f89d18a864de2b657796976bedca5f85d08025b94298dfc517488a45b608d284ad6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e952311cd5cd90411864db39b22baf66 |
| SHA1 | e3fe1650c0b88de0d038d1dc033701ed498d9765 |
| SHA256 | baa157a9aea492a3c08fcafc27e5f1a99ab1b56c583475da6e4d140387c3f4ac |
| SHA512 | e2e4900d754696f2941701c05f7f3d59c267f42b1347be3993f5718587058ea7eb155eb257a246a4458e6e44774371b2bd18440381ce6d00f5ed46788339baef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f072c9f8841f3e63e82e63fdbe6706e5 |
| SHA1 | daf0866759cf8b7da7305d11c42dc68cf7885866 |
| SHA256 | c834268f69ae87c2dc2dd58f5d380ea8505442495afed378dba057456adbc5ec |
| SHA512 | 8b255776a9eeda8bb92ea2015ccc9f2f88b865300c1c7d53d220a6500293d4d5cf68cc36ac6a369c78fbd0abf0d1d38baacc4be868d45df6929e03918a302ae7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 385f4affb1629a94dda7425485ccfbe9 |
| SHA1 | f2b48a177ceb0f0c0bffadff8d0515d81a3404a6 |
| SHA256 | a5429fe9cd6908e35c83e43d9099f73a8889dfb51f0f3cfafa2d75d358b7827c |
| SHA512 | 725db3566059f45ae2663ce432f08c04ea244d579494fc7a845818afd1eb47ecb33a0168376f2e50e3da3e02ea196e445b22f60ff8ceee568c40d72681f49390 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c47604f517b44379f43ccd6d73c7046b |
| SHA1 | 5973d16b67c4ec5d7433cba72ed7572c7d700c60 |
| SHA256 | 1ad5b5bba7672b2f05e42aad16d232707ccaef809f9bd6054872a92d1cb1be54 |
| SHA512 | b86cdc124714cbbd7f60c1344dcd646ae587473ab0a1f90c248e0b2b0e9cb3a230297b3610681783b7b6fae79dd63a03e4e7ad3f1a828a2f330c02ac23c548f2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 184e2342ceff89eeab77c9e00aebaa9b |
| SHA1 | eade11d55bb44d6004d32f4046fa8a8a84c3cfd8 |
| SHA256 | f89eedcdd99a59d5c7c86109162f7d03c27ba79024d6e1362f869e47feb00d91 |
| SHA512 | 9b83bbc7615aca6f5bbaa90ba32cdcc2f76f9966e88969ab521ba23efd45b8942cc6a0796aca323988b2767233f4149ab18a46d43e87ad449ee321178b5a1a57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 612f0a32f3b8178e792db4897da139a4 |
| SHA1 | dfb0e09570932c095953f49f79097e8829e8e46f |
| SHA256 | 6a18568d3c36c5e08f3f90b40c1a02b167a9171c4e3fa5012068d1c1eadb7e71 |
| SHA512 | 831b574891574a5a034edf7ae0b100683de15f2fdecc3d1209e221facf3c1c21b786c7bcd4bad089be3186d5af951a1eaf055d6649e3da554cd535cfe34be054 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 305e85e7e0e60f7ca8e750a3f7db3e0f |
| SHA1 | 70c618a4e5e2c955b519715c674fad24070db3d1 |
| SHA256 | 84d24695e35d0a3dee5337530faaa641fccb0662fbc19e874792360ac211fe79 |
| SHA512 | 42ea83579da6b9ee2b459b58ca11d789c78ff2dd004e7f762469dafcf0a6effd666c8521a48cd73597145cdf9d532e4db77753c691ff6a0f4c235441d4fff902 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3eb4df98cb54d47fb9b1ecc9da06692c |
| SHA1 | c9d1e5958e60a9ad75f9c0b8fd69dcee7bbd7c6c |
| SHA256 | 6c98271103138da84af47be8f99008053356876fe36d912553227b46ed222cce |
| SHA512 | 4ba877a3b3998695ad7d9dee00c5445f008512b2d3117fd13052eb4876a4d0b7f3c13f64d894cb8e61b30399228901ba8bc739939db8a97ade7a9c060911fd0c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ba295385b8c6c994586ff49175f7a17 |
| SHA1 | df10a38ee1e450280fdc60f77226b776ef923513 |
| SHA256 | 1efdb5f2ec45f74d969e0a9567941739770b4521de1b971dc59d18f5ef58875e |
| SHA512 | d75e86da1d086b2f15fc0799f9d944d94ae966cf5177bc0bccad701f6b76484ce36dbbe695f173d0a68f57dfc63eb3aea628fa50689c18bcfba14ce4bd964339 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:04
Reported
2024-06-13 08:07
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48bfed53361d63ce9d1da03c2db8a8f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4168,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5344,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5496,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5528,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5376,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5728,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5852,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4416,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 211.83.221.88.in-addr.arpa | udp |
| BE | 88.221.83.200:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 200.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.161:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 161.61.62.23.in-addr.arpa | udp |