Analysis Overview
SHA256
b51819eea73e425dc8b4ffa3e36ebd3f21a8342556edce4318da11bdec2ec35c
Threat Level: No (potentially) malicious behavior was detected
The file a48d59ae7b5f02c50d729e96eab7af78_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:06
Reported
2024-06-13 08:09
Platform
win7-20231129-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ad153c126d684145bc51489cbbad6aee00000000020000000000106600000001000020000000908aadf73f42c1436ff2ecb4dcbe4f1e1c21b1f74fc2bff0932521f21b2b59a0000000000e8000000002000020000000ec2de15ea452741c7602d87d45e1947c79554c5800a9cbadd014abd47fa2d49520000000add16329728eb8c8c4c312661fa47d848a4d3d4eccd5e87c3fd54ac1c4bb6f3f40000000253c9a14f38975b20750664a0ae46c3004ebcbe437d82b8cdc7c8dba8dc653f3c0d1df8797fd074a2a5bfdf13da884785932da7c92f079dd21a88f4be819a32a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427877" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2A33421-295B-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30f048b768bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2368 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2368 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48d59ae7b5f02c50d729e96eab7af78_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.aigr-contadores.com | udp |
| US | 15.197.142.173:80 | www.aigr-contadores.com | tcp |
| US | 15.197.142.173:80 | www.aigr-contadores.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.113:80 | www.bing.com | tcp |
| NL | 23.62.61.113:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
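The three "suspicious" signatures and the network table above are what a reviewer has to weigh when the verdict is "no malicious behavior". The script below is an added triage helper, not part of the sandbox vendor's tooling or of this report; it parses a small excerpt of the behavioral1 rows (constructed inline from the tables above) and checks two things: whether the WriteProcessMemory writer PID (2368) is the frame process named in the SCODEF argument of the x86 IEXPLORE.EXE tab it wrote into, which makes the write the normal IE frame-to-tab handshake rather than injection into a foreign process, and which network destinations fall outside a browser/OS baseline. Two assumptions are the script's own: that SCODEF:<pid> on an IE tab command line carries the PID of the frame process that spawned the tab, and that the baseline domain suffixes are an analyst allowlist rather than anything the report states.

```python
"""Triage helper for a browser-detonation sandbox report (added example).

Assumptions (not stated by the report):
  * SCODEF:<pid> on an IE tab-process command line is the PID of the IE frame
    process that spawned the tab.
  * BASELINE_SUFFIXES is an analyst allowlist of browser/OS telemetry domains.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed excerpt of the behavioral1 tables above (rows copied verbatim).
REPORT = r"""
| PID 2368 wrote to memory of 2524 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48d59ae7b5f02c50d729e96eab7af78_JaffaCakes118.html
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2
| US | 8.8.8.8:53 | www.aigr-contadores.com | udp |
| US | 15.197.142.173:80 | www.aigr-contadores.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.113:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.142.197.15.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

# "| PID <w> wrote to memory of <t> | N/A | <writer image> | <target image> |"
WPM_RE = re.compile(r"\| PID (\d+) wrote to memory of (\d+) \| N/A \| ([^|]+?) \| ([^|]+?) \|")
# '"<tab image>" SCODEF:<frame pid> ...'
SCODEF_RE = re.compile(r'^"([^"]+IEXPLORE\.EXE)" SCODEF:(\d+)', re.M)
# "| <country> | <ip:port> | <domain> | <proto> |"
NET_RE = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+:\d+)\s*\|\s*(\S+)\s*\|\s*(tcp|udp)\s*\|", re.M)

# Analyst allowlist (assumption): IE/Edge telemetry, search, NEL reporting, PTR lookups.
BASELINE_SUFFIXES = (".microsoft.com", ".bing.com", ".nelreports.net", ".in-addr.arpa")
DNS_RESOLVER = "8.8.8.8:53"


def parse_wpm(report: str) -> List[Tuple[int, int, str, str]]:
    """Return (writer_pid, target_pid, writer_image, target_image) per distinct row."""
    rows = {(int(w), int(t), s.strip(), d.strip()) for w, t, s, d in WPM_RE.findall(report)}
    return sorted(rows)


def tab_frame_pids(report: str) -> Dict[str, int]:
    """Map each IE tab-process image to the frame PID named in its SCODEF argument."""
    return {image: int(pid) for image, pid in SCODEF_RE.findall(report)}


def classify_wpm(report: str) -> Dict[Tuple[int, int], str]:
    """Label each WriteProcessMemory event as the IE frame->tab handshake or for review.

    The write is expected only when the writer PID equals the SCODEF frame PID of
    the target image; any other writer/target pairing is left for manual review.
    """
    frame_of = tab_frame_pids(report)
    verdicts: Dict[Tuple[int, int], str] = {}
    for writer, target, _writer_img, target_img in parse_wpm(report):
        expected = frame_of.get(target_img) == writer
        verdicts[(writer, target)] = "expected-ie-frame-to-tab" if expected else "review"
    return verdicts


def classify_network(report: str) -> Tuple[Set[str], Dict[str, Set[str]]]:
    """Split contacted names into baseline noise and candidate contacts.

    Candidates map domain -> set of 'proto://ip:port' endpoints actually connected
    to; a domain that was only resolved (query to the resolver) maps to an empty set.
    """
    baseline: Set[str] = set()
    candidates: Dict[str, Set[str]] = {}
    for _country, dest, domain, proto in NET_RE.findall(report):
        if domain == "N/A" or domain.endswith(BASELINE_SUFFIXES):
            baseline.add(domain)  # mDNS and allowlisted telemetry are noise here
            continue
        endpoints = candidates.setdefault(domain, set())
        if dest != DNS_RESOLVER:
            endpoints.add(f"{proto}://{dest}")
    return baseline, candidates


def triage(report: str = REPORT) -> Dict[str, object]:
    """Run both checks and return a dict an analyst can eyeball or serialize."""
    baseline, candidates = classify_network(report)
    return {
        "write_process_memory": classify_wpm(report),
        "baseline_domains": sorted(baseline),
        "candidate_contacts": {d: sorted(e) for d, e in candidates.items()},
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run against the excerpt, the only WriteProcessMemory pair is labelled as the expected frame-to-tab write, and the only candidate contact is www.aigr-contadores.com over tcp://15.197.142.173:80, the host the detonated .html loads; that endpoint, not the Microsoft/Bing traffic, is the one worth pivoting on if the verdict is ever revisited.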
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3318.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b67ee38f95a9e2ee7189d72e2a38db4f |
| SHA1 | 8eed2f655877907a29a13377c50ae13782b9d99b |
| SHA256 | 689ef9dab881e122619dfda07fef7f95cec8af04120a8d242ddcbeda54a88f0d |
| SHA512 | dc9b023ff1dc89191e3718bda273810ba1e25615ad1499102b4ad4fbefa670e63842ab0e2a05f6d7baa4b23c5788a2572ad7fc1e345d863c253529dbb526d241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 97fbb5a4485e351794b651b2ad9ddae9 |
| SHA1 | 6ab9c47b0629ceeb8ce419354c26e1ed62c1f482 |
| SHA256 | e42a425d0e9e45c93cb98e8da29e90bc919e268aa4ea1d320cb6d339918ff8e8 |
| SHA512 | 6e4a1eda8767f783ea18d35fe18620b54ccdec9048993520c411f9cfae98e07f5235513d6a42d3abff83a74e43f077ee11dbd113ebfff86a0dd1f29cb7fffa01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a62eae197108a951fbdfec7170795695 |
| SHA1 | f45d3202a59307adaf01045b30e1c266094e6795 |
| SHA256 | 929fc8f40b860c81578f39df76768f08251af7c96bea97d72de65338b9a87782 |
| SHA512 | d07bcbaeb44b2e5af9c336f580ee7dd0c42c5ecbe4f775d21b13851af52af96030e2a105a2b5557150456506a9cc773e452f6dac5be9c384e0136ff792ada52d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b6a53813f8bd1b9e53e039cfa1d1741 |
| SHA1 | 1e39ad19a206697d0a91643ea273ea56b14e70e8 |
| SHA256 | bbd3b7faed1a8f1a1db59bea36f4da190e810e59fe28c600f8d67e3ead7b45c9 |
| SHA512 | 86f45e0eac79f710f41dcd1e541c4916126f2af7fe38a831828889aa5b9db13c6789a8a49d423ab49592a8ac0427abc4433a738274db8d06945e4488e4931db4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cfa859751b0ec554d90d4a94315f8ed |
| SHA1 | cb47403b0a54c95bce7c243cfe1cd129b3bf0133 |
| SHA256 | cbdb4e37e1c28d6ba2ff702dfb2d273f701b2f6986c0df6c5069314edef7d9de |
| SHA512 | 3eea37e737f35c959fff11a1b14d0b8ad8276ad269879966a27d14a6baaecff1788c9f9d91582b66b871a1e73e0bde561ee748d052a38676081559dd8bfbbeb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a80475f8da8f2439d3ba6d45f664685 |
| SHA1 | 104f768d99fce57f813b4be1d9960de242f7d635 |
| SHA256 | 1ad901f69a8a73ba0527ae385a8eaafb58bb3ca43eac4252f64085ac6e15af1a |
| SHA512 | 00d8ad68c8b090b54a8ba022cc5ed5916680cb4da59ab0ba9f8d2fccd2e8816efdc8786099b0f8471aaa8b92cd9478aa16d521a9385376c8cf420875b6efaeaf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | b000192f594e652a6635339e56d6ad49 |
| SHA1 | 67b959467813faead7d2203797b40ce4fe9da461 |
| SHA256 | 5fdbb7888eb661010c5a8bf65804c135652f86ee99f7391e7f55dc0819c6a5d9 |
| SHA512 | 8e3bfbea263bb4f0279d2bab092acdaf74d68a92f349f0fa22f4822bda5d3b428e877baca9e9625051e6bb3c44be59bb34bc65c78a63dc5a461992192e6597a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b0fe254b6fe9340297828b6e46c1c53a |
| SHA1 | 4920965bdbdde860d4f43198edd2f2f57d1e72a8 |
| SHA256 | bbad05a6cf89f95bb98684e69c62766c2312427b29710d0b79668577d2dc11ef |
| SHA512 | ac8387eb026112b01c630efc819083916c4d0eb8866a00042f0baca7021ecef0895eebdef6d2cce4642c9baff19b6fb31fe68c6ec2891282ef9bffd1b17392cb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abc6d16804f6bc98b3df86e707bb5b35 |
| SHA1 | 7ad15713de01d07d9da9e060a054f7ae355e3f72 |
| SHA256 | 961492d89b36cdb6be01237b51aa67a1a018dfa44c96cf1c18b712d371fd828e |
| SHA512 | 1f3361a2541550bb28607d1ebc9cfe74d4ff3465653de1c3ea80051440417166e70a1166d4c9d4debbc01de4426381aac0e648ee761335ad47b15aae6e939712 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed95d940eee6ee5a518e8df824fd8198 |
| SHA1 | 65327b55415c4ad2a77521bd797d8e093e270044 |
| SHA256 | 0fd9c519b1d8303652728131b66add81acbe47a767dfa3405d3b2a6cac6accea |
| SHA512 | 4e9affdb1a8555fa249b0c0d5c8aa2b1786d18b0eb35bfc0c30cc66c25502ca4527b83c30142b3a7e99f524aaec03cba3ebd729dcfc4de639edf23d79b1a3220 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ccd480b35034f2bdb984de1b3ad8fd5 |
| SHA1 | 125188cd4fc6125b838da0a55f91993b90ee63e2 |
| SHA256 | c6905f6db66541abb247d15fa35a3c91336c0e9b323b9678490142e328549cb2 |
| SHA512 | c9995065ff35e1b55f66fc9c9af8c70a7212631590c559ce33363b36abd00c23c44cbf2b8bb57e3e15b17d18bc7cb32fd43821b7dbbcd38f65ec71af9e99d193 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85295198b432c9e176e0c7cd8817af77 |
| SHA1 | e909562f6c772df717ca63a5837e79ce5f0a0e9e |
| SHA256 | cf133272150d21e4cd1018d094e2fd351b4c64e2d3ca2cd0f511b8081177cede |
| SHA512 | b4bd46e70e0ee930964bd6c8f1debbadf26d0639594cf6e255e8bc0220e7876986eeaffcd7346c9df6a358bd4d8638146c1bcabe606705d58a61d9917770da11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdafcd922fb469851027dbd641946136 |
| SHA1 | a091afe22babb241bb96fa2111712219209182f6 |
| SHA256 | 3e8b6b98222ca68385c38332024fdf80614f0e1d5bfeeb5554bc3547e59880d4 |
| SHA512 | 0be2c9a02f8b13d518bafb9da6dca086b9ac18de32691dacc431b05516d4d0d584d2da5fe0ad9912bea5f82fa30c2c06dd4702e704f217d87a10d0f12a9c485d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2878ec217797e3ba334836113d93da0 |
| SHA1 | f893dd81983f264f359173f31dd388b435d597cd |
| SHA256 | 205c086cf49c83e291059bbb6f259b7b5e5fc694d4a3ff67400b8b455e66a5e0 |
| SHA512 | e567babdec7a19124d5d84dfe559333fe2f0c8da797da4a9b1e72aff06914952b4790f4e25f71ee16d22d88d5c0bed2ce3ed2c0b3a81114a204584cdaa96e8e8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c630f0466f74d8c40051236b2484a75a |
| SHA1 | cdc29140065d00dc3d3551ff0d8687a8b21d6da3 |
| SHA256 | 1318d074fd0d34c36d6ffe7f42fbbb856495dd034d6d1159561ae774e4d78392 |
| SHA512 | b8b8423562b4d7d0f2dc155379c3f368ba5673b650381751f287ec9d342af9fa685d674a9fa3082a23757d0549130267a989228113870b6806f0d7e8b6f15b2f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 907c1b5dd2d7911fc7b932403139c32d |
| SHA1 | 62a90a708ccba87a00d52f726f5f5946996f2cf5 |
| SHA256 | 7e1e02721cf5ef41d753a5c05531dd45f12ef9fa086553117c104e7dd1deeda9 |
| SHA512 | 6922fcca2ee2f23843cbfb156c560ca869e011fbda293465df49776bbcdf426626b2d22fb209519f6bbd0ed444f0cb3638132d737b0179d705bcf162d3562f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a208dfb0ea1b8fb512ce3c3a46210787 |
| SHA1 | 027935c0d16f091d6a84f41ded01edc706e0a6c9 |
| SHA256 | 0bb601a1d7a2efb48c31c237eb8ac9fc3349121203aa0e0600da06c8321e27e1 |
| SHA512 | f3e7ade6a1f931f1ca773fbe794d19345f4d47db4a0aebf9cdc2434dcfec458558b4b9af463f5f64b0f3ee9f11e64cc6c19ba90b801cc9e7cba1392f9cbc2fd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eec5bbe307e923f0da65bd9484b40a39 |
| SHA1 | f2699169991b308ccb1226f785d9397a6dda78c5 |
| SHA256 | 5381f1048d41057006ac813e51bff6d75c47c53224c72d1896d7fbebdce39f0c |
| SHA512 | 304a2fcf0a84c6b51193c0fcded962eed25e156d17c48b91e0304beca86f1a9ad11cdc0913b29fc649138e9bb8457b91150349d99f72db29295fa2eddd94e350 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a78949c2c5cf713f40a4d95979715c57 |
| SHA1 | 81f4cdcca02bed11e98d7c0ff1b01ab3fa8d3ceb |
| SHA256 | 3e7ca94c7e60de1d66c6cc321490919e43165ec536c4a55e2e01cdd64254c811 |
| SHA512 | 48d7cba69bcb92d5f37ea5f6c6fc5d7897fdb41b8b36eb386293180e8fb47810c16c310816bf503e06a4f0603fcb9c8c108ab87a8209cb79121b8db2a8b16d72 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3db5612b01f4bb2d997073dcde1da8b6 |
| SHA1 | bdfc9041cabf57efb30612d204bb3f295e0e45ce |
| SHA256 | 130821902c584efc11631463bc4e2984b72d69dd0a8d195606634c3c081baef7 |
| SHA512 | 770649d42a4c88724dfb81e59081251bbc46914e6ca10a35b5952a204160efce1064716e1e5fa5f729bc8bd8e0bc493248e23a4e787b80a2ae7e84e3fa6177c9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:06
Reported
2024-06-13 08:09
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48d59ae7b5f02c50d729e96eab7af78_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4176,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=3876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=3968,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5308,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5324,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5640,i,8660989700097327804,17931739887231169645,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.aigr-contadores.com | udp |
| US | 8.8.8.8:53 | www.aigr-contadores.com | udp |
| US | 15.197.142.173:80 | www.aigr-contadores.com | tcp |
| US | 15.197.142.173:80 | www.aigr-contadores.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.142.197.15.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| NL | 23.62.61.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| NL | 23.62.61.185:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 185.61.62.23.in-addr.arpa | udp |