Analysis Overview
SHA256
5decc811bb6318dd388f9381a2f10fa87a3e8238e82f86c415b70fa07756c407
Threat Level: No (potentially) malicious behavior was detected
The file a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:26
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006165ff9f600573419ae2dab9de2f1eca0000000002000000000010660000000100002000000036230e4e0f48c7a9c88fa9f9f3e251cce96c9b5856dd12efd2bf508a942c822f000000000e8000000002000020000000579131fa40e7f9e6fdda2c3a7e2c49750c42cd62cba8511b955a4b74935214ad20000000eed6abb8ba1689fe0c85731021fcfb0270ee91416e26e872073f944df2e2ac6d400000009b8a5062b596178d561c725e54cf070a2b0b4a6503eec0d669c8c5ce3a3b240017a654c78ff3a18dc5b35af375e615d3388cbae65d9a1f2fd4e9c76397b2a848 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07e5c256bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428914" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CCB47F1-295E-11EF-85B1-6A83D32C515E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2180 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2180 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2
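Read together with the process list, the four WriteProcessMemory rows show the iexplore.exe frame process (PID 2180) writing into a 32-bit IEXPLORE.EXE tab process it launched: the child's SCODEF:2180 argument names 2180 as its frame process, which is how Internet Explorer's loosely-coupled (LCIE) architecture starts every tab, so the signature is expected noise for an HTML sample rather than injection. The Python below is an added example, not part of the sandbox's tooling, that encodes that check and a second one for the "Modifies Internet Explorer settings" rows: it flags writes to the IE values browser hijackers rewrite (Start Page, Search Page, Default_Page_URL, Default_Search_URL, the SearchScopes DefaultScope and per-scope URL), none of which appear in this report. Two things are assumptions made here: PID 2540 is mapped to the x86 IEXPLORE.EXE command line (the report names the target image, not its PID), and the hijack row is constructed to show a positive case.

```python
import re

# Command lines copied from the behavioral1 Processes section. The report
# gives the WriteProcessMemory target by image, not PID, so mapping PID 2540
# to the x86 IEXPLORE.EXE command line is an assumption made here.
PROCESSES = {
    2180: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html',
    2540: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2',
}

# One of the four identical rows from the WriteProcessMemory signature.
WPM_ROW = r"| PID 2180 wrote to memory of 2540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |"

# Three "Set value" rows from the "Modifies Internet Explorer settings" signature.
REGISTRY_ROWS = [
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |',
]

# Constructed row (NOT in the report) showing what a start-page hijack looks like.
HIJACK_ROW = r'| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://hijack.example/" | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A |'

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_VALUE_RE = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\(.+?)\s*=\s*", re.I)
# IE values that browser hijackers rewrite to redirect the home or search page.
HIJACK_TARGETS = re.compile(
    r"^(?:Main\\(?:Start Page|Search Page|Default_Page_URL|Default_Search_URL)"
    r"|SearchScopes\\(?:DefaultScope|\{[0-9A-Fa-f-]+\}\\URL))$")


def cells(row):
    """Split one pipe-delimited report row into stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def image(path):
    """Lower-cased image name from a full Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify_wpm(row, processes):
    """'expected' when an IE frame process writes into a tab it launched.

    The tab's SCODEF:<pid> argument must name the writing PID; any other
    cross-process write is returned as 'review'."""
    desc, _indicator, writer, target = cells(row)
    src, dst = (int(n) for n in WPM_RE.search(desc).groups())
    if image(writer) == "iexplore.exe" and image(target) == "iexplore.exe":
        frame = SCODEF_RE.search(processes.get(dst, ""))
        if frame and int(frame.group(1)) == src:
            return "expected"
    return "review"


def hijack_hits(rows):
    """Return (IE value path, writing image) for every write to a hijack target."""
    hits = []
    for row in rows:
        action, indicator, process, _target = cells(row)
        if not action.startswith("Set value"):
            continue
        m = IE_VALUE_RE.search(indicator)
        if m and HIJACK_TARGETS.match(m.group(1)):
            hits.append((m.group(1), image(process)))
    return hits


if __name__ == "__main__":
    print("WriteProcessMemory:", classify_wpm(WPM_ROW, PROCESSES))
    print("IE hijack values written:", hijack_hits(REGISTRY_ROWS) or "none")
    print("with constructed row:", hijack_hits(REGISTRY_ROWS + [HIJACK_ROW]))
```

The SCODEF check is what separates IE's own frame-to-tab memory writes from a real injection: without the process list (an empty mapping), the same row is returned for review.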
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5F33.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar6014.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 359d00ca24182f8fcc05f18c84a99b5d |
| SHA1 | 7d735f556b7a5bcfead0dcb19010f7f43f5a0078 |
| SHA256 | c782448d4d3829284c6bd27d1ef00de54e6f94c331ebb936d6a1dbb5246227a2 |
| SHA512 | f641d19062c06387da0d1b0538e0136a0a686a3deadcb0ac291f99870c9a2a45ca640551075f3a49ccc9fd39d1993e54fd0bc4584fb7aadb4aa98efe817245f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81276c8bc603e8974f16fe3cd8540426 |
| SHA1 | 7b23b8888af6b53fa3a72502c2eedd172cecd50a |
| SHA256 | fc5bb3b62537b395fe58c92b24f6cc458a3a577e1b8971409cd3a10962fb02a7 |
| SHA512 | 85b4f16a6d6f38227cdc3307db60eb1970de773b1690c919117c81c77ddcbf4a4d3736a2a211923595a3eddfebeb9816a7586cbda0fc5606528685004bc2912e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 69221949e670fc394e3690e1b8d450a6 |
| SHA1 | e8ce6254f3050af46303bdf50ce5f91b113c5974 |
| SHA256 | 97e3b77d29c8eedf1e48111778812ba69f2d91883e01b78a98d50b23c1a4da39 |
| SHA512 | e09ad8dc888ebd820025be11fcc81d4ca519a679a7d311f803299e28b00c0d173d2b8041d27475c66cf5cd3efbb77eb7f850a13f3c49994e3b2927935e3a3c26 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f15a4a6b82ee595c39dd50106e8ec74 |
| SHA1 | 2078b10103b3adab0e4cf5223942ed9a4b79b033 |
| SHA256 | 13a66cb56ca8fae5182380ed071f29bd751ca4c471e0f298e1fff1b8607a098d |
| SHA512 | f9eba7519bd5be1ee998a3f792899c18d16298a45faabcd16f794648ea00c365ab080840ccf8f251fd34e9ff4447efb288fb447ed1c03175735c735606743d80 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ef6bb63e6900940323a0d2827c751b06 |
| SHA1 | f2973a845769d481c6d363435ba9316d8fe79304 |
| SHA256 | 4b3ea8f59279be428a2b4d0d81b974d7f9926d834e271a5be4344295d93191e3 |
| SHA512 | c80706b81579d60f0edf9f697532310b08ad81fc328d9c884ef55dc3861aee62ee4109606dcb4e70f4e22b9358e5781b22aa30aada7830ffa66716009b21ad7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74a21c9921b1c4a9f5cdd300e3c5155c |
| SHA1 | 1987f8e300ea33c08bd470105a83aca7a94b9dd2 |
| SHA256 | 2155996ab58ff37b0a159b044c68ad91bcf804a5c003c1b567efab7023c43554 |
| SHA512 | 9de4e2b2e7b5c96ee9da31f9a59e8252025eb1394f8885ef3e2d4a920fee70ed231f22e33599c4917003287f9c44647aefdaf98db90edac72828ef706cb31d50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1f55304c5330d3edbb4b56fa32caa7b |
| SHA1 | 5dc69407e2b1d79fb941d0de9d744e07fafa9b11 |
| SHA256 | efa2272f3b4457daa60bfcd4115ac6e1c7306aedb813ee61834d57096ebb9b5a |
| SHA512 | 146e0c306c6921d6d57ce3c41b78c326254f630973e71d9a8dc0e196d85633e4440561b3ee350cc5551542dcf77deee83530541468d3e5d3aa6a283162ef1cbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3929816163ab5f8b89e578d173cc6ba6 |
| SHA1 | d3f113e7d6544f499f8649a05b3aea0d70b93c6b |
| SHA256 | 58d5119ff4d3af3670796aa4d5c9025b17511c308ca812a9dfa29247c9e90062 |
| SHA512 | a89da80baddf27956061f1ee7681bcbb8b6e00e89a98145cf17197f900975a84b01103e83509bfb4086f2c02c3d448720c3a42726421aa296ab7c6d9f94170d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 003f5e7074743130363f514a8d030301 |
| SHA1 | 60f5cf459d88cb1254ec48e3c975de4633670710 |
| SHA256 | a92fbf0cc9d48eda22700df616ee14e82acce2c6461d133ccc013540a6e40e9b |
| SHA512 | 016dacefa97843a0fcb60997c6b0c0d2773a3db34e3614f0193358aa45dbd16731ac54dfdbc89f37094c808bb7a23e18e5dfeddf5662e5960fad2c71e8bb1068 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ebfcb71f8a3ac2d8ade954a1fa09b26 |
| SHA1 | 82585abeb955add44f4c68041a5fccc0020a77f5 |
| SHA256 | 428b4b89f15a020f718a926811eed643882c81c220b27cd8b255fa4c3d4f2576 |
| SHA512 | 2a701cf3c73935db7b49d791c06cb5a24b2fca070d7be8ced834d458db4e80ca624c815a9405e14d6d953fa91fbe9a88f5ecfa9eb85d1340d8f14109301afd95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 602ee23d635ab04108e2d210b28c4a1c |
| SHA1 | 5afad964bf077a6d1681384516645064770ab341 |
| SHA256 | 8e4914d70b0eb032d899d8776cf4e77fafab8303f16a18e739f19b26a5b10f4c |
| SHA512 | ad22ec3552cda10b6a0b5fb6787994eab77be39660e0003ff5b4d2d3697fadd70943763906fdc422071458304e195f5c1c624e74f1c59a438a859e2cf53e8d6d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0dd6111329aa87cfd3620b9fae773aff |
| SHA1 | f58026c322210273c9b4c7de431aa3036b50572b |
| SHA256 | 6840ba8ccb3ac87e5f7131460ffcb14700b21f106c05ba9966ef72faca9d9ce4 |
| SHA512 | 566d137249ec0a866d5ebbb2fce99a3d46c334a31505d2289f516344bd048065b11dad5cdb9af5be5270c98991a4b461103942d774a69ef35e5313f2edb3de24 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f30fa57d5126b6280b5c64cd13ff6e6f |
| SHA1 | 72a53681788abf5e414c468095213c813dac7e8f |
| SHA256 | 61e4068fd5dff07327df1651ac7c266ba0533c7667d62df70bf4602d841efd47 |
| SHA512 | afb862b62a23d85e001a644f2a886c6a29a42898b36bca574ba4798b5582e89a2e02e5e778ab27f4b6183c31c16c9d13175e3463e2062679556725ac613d2a5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7586a864174466dcd62e29f633e1f1a3 |
| SHA1 | 70486597f5fbc32156e9f8afc0bd8d52b5cb64a5 |
| SHA256 | 434ed4a88bc82925e2beaccd6cc75bca6c0b48481c9862e52be00709dbbf32ce |
| SHA512 | ed708a9494808a1176496ac443a7c35696c122871f989f5899e4ec2e045c31039b3929c3e6001403ab8bc74942e2639e4fd88c8511ee73a038ec610cf03a510c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c08202d8f5853a4aca0adf0ef11669fa |
| SHA1 | c3fad83412f0efcff433ab422a2c326d38f1486e |
| SHA256 | bea670809694130c07d89886c40f75c2fbf0a5c0f6c2b3856ca3444c5adbc93b |
| SHA512 | a8f4a74584377575107535fd1a09aecbb48ffe7f93077c5965273b5825ab7b1fda2bff38e8db1358577e4838cf21a61ff7c798cb99472e0ef66dc1af68c05b8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea77a1aadc7d698feaf3aa7f418c0d70 |
| SHA1 | fe9c0ebdd23515df1e7d95725617ced1ddf40652 |
| SHA256 | 7f5be0a700e2be3c36f8c48ae9f6030d0673901f3498ffab2041761285e0b323 |
| SHA512 | cf905656dc77541bb626978977899b4c66998a48bb89986da8133a5ec446c79b4954b61cc25e511e5ee8db164818a13daa36cc5d139f4c0af1249ebd54894522 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c2a0c8566b34c58c2ad8934515a5ff07 |
| SHA1 | 646b714feba7d90fc742c0d4e3af859e95520e58 |
| SHA256 | 374e46cb5ec9df9c36cb12df08374d2c22112db0c2fa6fd04a61db74ee682725 |
| SHA512 | 61c1ca6ae1c120f7d099f64ef11c2dc1eeba311fad7ae918d4ba44d0fa0e2408ab4f9a2a0251c21edc6ffec0776f237e57996604a8ff1493835141d0ecc48996 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8022fc3a8cb8f7671a3d54e47019959d |
| SHA1 | 44649ebdf859a87fef99299b9385b051a74e14aa |
| SHA256 | 834ef4142560c556810b0a57136d128b50308bde56b091798f86e6f436a5f8ac |
| SHA512 | 2f3595949bbdd451278285b15f3317592d2ad996fdf8374a853eb48dcf3f08576375c473c8adb8a86d87d7d23819ec479e9aedfe0824d2eb0b6389529886ca83 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 100f1b9b8d59370ebcb3418e8ff7e340 |
| SHA1 | 84a0f9cc59a6e7f363c289fa0a53bb07b3604b0a |
| SHA256 | 8cd7b56f4163e631c8a808128a6705ba5436e29cb0a77462a20bff9793613cf9 |
| SHA512 | b881f75485da6b8016da2edee5b2007d18b0e8ab8bd47fc1fe0a9426879e1b8ff83305c25752be68a4ad31ac78db2cc4c06654bc994909902aef63648d1bb058 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:24
Reported
2024-06-13 08:26
Platform
win10v2004-20240611-en
Max time kernel
129s
Max time network
140s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4148,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4584,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5256,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5328,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5456,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5260,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5672,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.129:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
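Across both detonations, every name the browsers resolved is a Microsoft or Bing service endpoint except ag8aq.cn, which both IE and Edge queried via 8.8.8.8 while rendering the sample and which no TCP or QUIC connection followed. The Python below is an added example, not part of the report, that reduces the two Network tables to that observation: it parses the rows, separates DNS queries (udp/53) from connections, drops reverse lookups and the name-less mDNS row, and lists every domain outside a vendor allowlist together with whether a connection was actually observed. The allowlist, the treatment of udp/443 as QUIC, and the row subset embedded here are analyst choices, not data from the sandbox.

```python
# Representative rows copied from both Network tables of this report
# (constructed subset; the mDNS row is given with its Domain column empty).
NETWORK_ROWS = """
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | | udp |
""".strip().splitlines()

# Analyst allowlist (assumption): vendor domains a stock IE/Edge contacts on its own.
FIRST_PARTY = ("microsoft.com", "bing.com", "s-microsoft.com",
               "azureedge.net", "nelreports.net")


def parse_row(row):
    """One report row -> dict with country, ip, port, domain, proto."""
    country, dest, domain, proto = [c.strip() for c in row.strip().strip("|").split("|")]
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain.lower(), "proto": proto.lower()}


def is_first_party(domain):
    """True for the allowlisted vendor domains and their subdomains."""
    return any(domain == s or domain.endswith("." + s) for s in FIRST_PARTY)


def summarize(rows):
    """Per domain: DNS query count, observed endpoints, and a QUIC flag."""
    summary = {}
    for r in map(parse_row, rows):
        if not r["domain"]:
            continue  # mDNS / multicast rows carry no name
        if r["domain"].endswith(".in-addr.arpa"):
            continue  # reverse lookups of peers already seen, not new destinations
        entry = summary.setdefault(r["domain"], {"dns": 0, "endpoints": set(), "quic": False})
        if r["port"] == 53 and r["proto"] == "udp":
            entry["dns"] += 1
        else:
            entry["endpoints"].add((r["ip"], r["port"], r["proto"]))
            if r["proto"] == "udp" and r["port"] == 443:
                entry["quic"] = True  # udp/443 treated as HTTP/3 over QUIC (assumption)
    return summary


def unexplained(rows):
    """Domains outside the allowlist, with whether any connection followed the lookup."""
    return {d: {"dns": e["dns"], "connected": bool(e["endpoints"])}
            for d, e in summarize(rows).items() if not is_first_party(d)}


if __name__ == "__main__":
    for domain, info in unexplained(NETWORK_ROWS).items():
        state = "connection observed" if info["connected"] else "lookup only, no connection"
        print(f"{domain}: {info['dns']} DNS queries, {state}")
```

A lookup with no following connection usually means the name did not resolve, was sinkholed, or resolved to something the sandbox's egress did not reach; in all three cases the domain still came from the sample and is the one indicator here worth pivoting on, even with a clean verdict.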