Analysis Overview
SHA256
28169bbe4e7622274eabe75235679b031b7d58a46696b4f3f75edffa0bc5eead
Threat Level: No (potentially) malicious behavior was detected
The file a4a3085b6a518eeaee342799c625d037_JaffaCakes118 (an .html document, opened in the sandbox by Internet Explorer on Windows 7 and by Microsoft Edge on Windows 10) was found to show no (potentially) malicious behavior.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
All four signatures were raised by Internet Explorer's own processes (iexplore.exe) in the Windows 7 run; the Windows 10 run in Microsoft Edge raised none, and no process other than the browser was started in either run.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:29
Reported
2024-06-13 08:32
Platform
win7-20240611-en
Max time kernel
137s
Max time network
136s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429260" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A19C0B1-295F-11EF-8F1B-D62A3499FE36} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000995a7b1147adec639324b41690b5be6e3257917c12b4eea1ca05f84c26b90776000000000e80000000020000200000000a91a94bcadc2fa458715950674fa5133079eec312045bf02fa9c31886944ca32000000063002aa6137f02498e40fa17fc77172d67edc278c85fd3cbe1c4e27b31b8811d4000000061673252b45c10b52e968a454035162571aafbdafb8419653857bfd6c02d10c1872216e4bb50bed64d0f65b3ab8ef9fc65e050973b851b781c87a3d0d7c085b3 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20d6ecee6bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a3085b6a518eeaee342799c625d037_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
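Of the four signatures, WriteProcessMemory is the one worth verifying rather than waving through, because a process writing into another process is also what injection looks like. Here the four identical rows are the Internet Explorer frame process (PID 3024) writing into the content process (PID 2252) that it started with `SCODEF:3024`, which is the normal frame-to-tab relationship IE sets up for every page. The script below is an added example, not code from the sandbox report or its vendor: it confirms that shape by requiring that the writer and target are both iexplore.exe and that the target image was launched with `SCODEF:<writer pid>`. The rows and command lines are embedded as constructed sample input copied from this page (the HTML file name is shortened), and the function names and the classification rule are my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input: the four "Suspicious use of WriteProcessMemory"
# rows and the two process command lines from the behavioral1 run above,
# pasted as plain text (the HTML file name is shortened to sample.html).
WPM_ROWS = r"""
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3024 wrote to memory of 2252 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""

PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html',
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2',
]

IE_IMAGE = "iexplore.exe"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def image_name(path):
    """Return the lower-cased file name of a Windows path ('C:\\a\\B.EXE' -> 'b.exe')."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_wpm_rows(text):
    """Parse '| description | indicator | process | target |' rows into
    (writer_pid, target_pid, writer_image, target_image) tuples."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, blank or malformed line
        m = WPM_RE.search(cells[0])
        if not m:
            continue
        rows.append((int(m.group(1)), int(m.group(2)),
                     image_name(cells[2]), image_name(cells[3])))
    return rows


def scodef_children(cmdlines):
    """Map a frame-process PID to the image names of the IE content processes
    it launched, using the SCODEF:<pid> argument IE passes to each child."""
    children = defaultdict(set)
    for cmd in cmdlines:
        exe = re.match(r'"([^"]+)"', cmd)
        parent = re.search(r"\bSCODEF:(\d+)", cmd)
        if exe and parent:
            children[int(parent.group(1))].add(image_name(exe.group(1)))
    return children


def classify_wpm(rows, cmdlines):
    """Split the WriteProcessMemory events into the expected IE frame->content
    pattern and anything else that needs a human look. Repeated identical
    rows are collapsed into one entry with a count."""
    children = scodef_children(cmdlines)
    result = {"expected_ie_broker": [], "unexplained": []}
    for (wpid, tpid, wimg, timg), n in Counter(rows).items():
        entry = {"writer_pid": wpid, "target_pid": tpid,
                 "writer": wimg, "target": timg, "count": n}
        if wimg == IE_IMAGE and timg == IE_IMAGE and IE_IMAGE in children.get(wpid, set()):
            result["expected_ie_broker"].append(entry)
        else:
            result["unexplained"].append(entry)
    return result


if __name__ == "__main__":
    verdict = classify_wpm(parse_wpm_rows(WPM_ROWS), PROCESS_CMDLINES)
    for kind, entries in verdict.items():
        for e in entries:
            print(f"{kind}: {e['writer']} (PID {e['writer_pid']}) -> "
                  f"{e['target']} (PID {e['target_pid']}) x{e['count']}")
```

The check only establishes that the event has the shape every IE page load produces; a write from iexplore.exe into a process that is not one of its own SCODEF children, or into a different image, lands in `unexplained` and is where the analyst's time should go. FindShellTrayWindow and SetWindowsHookEx in the same run are likewise attributed to the browser process itself, with no indicator beyond the process name.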
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8DEE.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8ECE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d38c50100167464e74e774042b426ee3 |
| SHA1 | 9510cffcbeaa6454181756ba7cbddda08d5f4e3b |
| SHA256 | 861fe989ff17801ae73f981f072ce1514972dcf4da05883e185f5f10bacba98d |
| SHA512 | fd42290a074a4b8fb501f6c4a35cfab9e12e86278e8f6bd094c9396f4c7e8c4e4a4d908e37d278ec9e93e87b5122ed6a536d5ee962b336ae76bcc81ded221625 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11d2fc87adc5e946610fcabad180899c |
| SHA1 | 54563905a0b7b549544bea126cd514a7e87f2746 |
| SHA256 | cf07e35e4d9405e5864fb264e28f08ab95426e1b0e3744b381a4028c2829732c |
| SHA512 | 7d78baeb205b43928c3ff0022abe4536959681a8404f4b4e1dc71ed97c7773b7362f318780ff21121fc08efa3122e24335aca894fb8692f70165a8c852eb206c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cb3c4653ea24802e4820f4f95567403 |
| SHA1 | 700060261343224f987a2d9d875f628b37c3b798 |
| SHA256 | c8551883c6b28919629f6fe3e1e5d15cb7d3daddb313e5bdc586468f1032205e |
| SHA512 | 9d2b093f8de90aca16b9aaba39a1faf388cfa00678c0b4224c4e8298159b09734865a50d10d45ae351dcdb8bb5f9ecccb2c7e7368f3f9042d37a96344f675912 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 29428f86b8c4fc759f1116ca85000fbc |
| SHA1 | 85e74aaf50a864ac8053dcc17ffefe6626986734 |
| SHA256 | aaff47427d94c40ff94dfe1421f5721d560c4ea176ee4f330ad3687b62a2d891 |
| SHA512 | d89369a40f04217e5608acaa36bfecf8e7b778a32225d42bae9aa3196ababf6289027070c6a076455dcd036854e5d7604173f4853c9a6cfde108feda14b55389 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d18603e3363e96da962d10e4474abdd |
| SHA1 | 5639366df6c86498403572ae809232eaaaee43d4 |
| SHA256 | d68eb46ff3b7fd085190bda3a0814ba5f0a1a2a929704c8a4a6bc6d1fa53c994 |
| SHA512 | b2df97c7321f667222b66c31e3804e6591298541f356940beb5322d7213f5d6be642e15fbb5e515ecda53a6b6c6d2723fc72194d26712ea1fea8d326295d2537 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9053b17bfa6d163e1081d1ea5d19d4dd |
| SHA1 | 1ebd85f79d075e52107d8dcbafdfc284cad00485 |
| SHA256 | 4cf798776f73095c3d6a7b148b4af66eb8104736bea5abd5589e88ad2ffaa1ea |
| SHA512 | 78690635b8ae94cea71889a8ae857679d055bfbcc0859ba338feb539a3be4beabaa23aa9a66e7d2a378d7718da73616b7239e017608e3d231a07ae191f097c1a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c69c724c27081040b2a00df0a8f4879d |
| SHA1 | bcc17b6a664fae46a884b9ff9768780a37382436 |
| SHA256 | 28038ce6222edbe07ec1f2fcc92813479594145d3973befd266acbf4a2cbba5d |
| SHA512 | 875bfa35ea932b9fe330dada17f7f78d1b5c22f779f03ebd785e558a37960d92ab70a285e6583a1498e8064b7d9169dd13e3cca52ff83563e5c21b77e9a420d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b30366a5686e308537a09f40bfefe15 |
| SHA1 | 14e63e6f373da8d611be8125388d6aed32ea154d |
| SHA256 | 4c247a693c6c696b5d82fa225fb2d4310f420eb924a263d0a9c2e30016f19412 |
| SHA512 | 0b3e8e25b6efd75900686e22a7dd6117098ba6b04d0fcd3dee157863831affc6b0c72fa277a2a2e5687eedff6a53fc6dd459b67874c2aed061cc8904b3d26abd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67e2564664eb3f2d74b3d0a5d41881d3 |
| SHA1 | a06187091812f1a56d7fe7013abcbc03fffbe74b |
| SHA256 | 4662088cf9563a64971ee0532bb1eca02f9319e59c48ddad80dc383fbc9b021c |
| SHA512 | 61993c69ef890b364a6808eca5a21373c0426b822f43ea31a79cff26eec718a517073e4b19d3aeefaa8f66459414f122c32a82fb1378dfca847ac14b65aa13cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04cb724215ee8c646409aec08ada61ae |
| SHA1 | 3084ace4cc1f498744f8a33a08b12093c030e0e2 |
| SHA256 | 58411f3211ee9f6e60fad944e662689a82b0e95c1b646c0e9315d30b2c281d23 |
| SHA512 | 6b2142f96da4b4cc70e747c04838378222dbedc97f14c0e5fd73d8f9a49e3b2c56c6261ee624b68c71fc80ff211c401580bc7664bdbca700de560a85eb57bca9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6da139513d49503ffae16ec7efb3db03 |
| SHA1 | f574d1df5243ddf394bcd82ca411d0382f8f8b66 |
| SHA256 | f2edc1613c2254a2969db740eb725b131d7c2a0cb36b197bf4ed749b93d8762a |
| SHA512 | e59931f92574276d24ef7673f505473631b8de487f418a0d85ef0f0dc26cfe9f18c0b142d7d5a46f1cd0b98020c58794a8dfcdbb293c275df685d0a372f2e0a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 67115199d49933f96ef87a92a7ac65e4 |
| SHA1 | 8515ac72ba73284da2cb78158b4cbc689571b8d6 |
| SHA256 | 4febcf927efdafd5d961352f4fea49016191605cd455179aadb5a2a5d23f765b |
| SHA512 | 2430bf01897c8e78ade4b8ddb72993c78cf8dff1dd5e9382412d7e8097b69d451b0da9ceef8888b33f85722732718752b3c062bb3eba5f1b390efe86a8caf7c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf0ccc3a7cc7cc7f072f1fb94fa7a9cd |
| SHA1 | aa3cb135d3e8181fb595fd0b39d5c3a43a777c0a |
| SHA256 | c32bbca312327e4204eec0e75d0b30b60ac2f41d024c4c08acd83d8cb1beee09 |
| SHA512 | 2954558f995f753e604f52945525323608a20efa1e227a1ebd3238ffb7e4f8856b4e11b0b62cf3842eda83e4e30913b46aaa175d26a4cec1cf067a0382113e08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85cd55afdde37daab126dc4107ee9801 |
| SHA1 | e987e09581946af5987b1c51fb07779583784345 |
| SHA256 | ae514740366b67a4ff326e07162e986db2e8895bf87e94d7e97330cbb0d2844c |
| SHA512 | 5706a448cf317e05d35673ad5a60cc1f89eff59216da43c5f0109b5411612e4919f9e7b508c1fd9c80c39f49158f161f72740b72047bf2944b846a2585da9b23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5bc4afadeaf2d1a070da4e143e78b51 |
| SHA1 | b2d409a056466621c1f8e65d6171512b6ea4c4ca |
| SHA256 | 18ebfa39db97a41141c9d27cc872c41f022a84ae15e560533a04da61ee0618f0 |
| SHA512 | d8a6e868fa9bc893b56000dbe01d6205d9fcc285daf400177682f905eea4e3dce8717affa3d39848640ec41c352ce05c6449a53ea639df60c813c6b79b56f8af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 875decadd7491e9adf1ac261ebf16fa9 |
| SHA1 | d67cc4647970a1d402bbba42b3b336013c07b152 |
| SHA256 | 245157f963d250011ea112c4b032b5d5bcb20beb14e1e44ea524085908885fca |
| SHA512 | 5795f350b3119f89d210086e16e6f6057f917ce95ee02e6de784226a541f26705c11cf512f61f4e8bafda10078d0e78a36b99c9a0b405c3d6de931b6d0a7f424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 841be51d8f4e1d81c5ecdfa8aa361be2 |
| SHA1 | 612580cd747802190fc8f56d8cd7412027c321be |
| SHA256 | d43530f750f70447e50c3e86cd8bee7e5e3d38afc2bf00762bfc0543bfd2f943 |
| SHA512 | aa411a01530000a64db2c8b67af7a9515158d875895a67525845e635a62ef3bf8171faccebca8e81634c45a4d6da29105cacc903ad385433cefca5bb1e5bc326 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b887d108cda16fdeb8004d70952ae63 |
| SHA1 | 99027b73e3ae15393a7bbf9a1c2d049fa0a81f33 |
| SHA256 | 2435565f5f4d40281b6747ce447e06fc3e783a6e0fb23cba3c188002fd22b9f1 |
| SHA512 | 770de466a2870c87eaed0bf6d13f2bcd9b68ed5b236449165967bbf0b9b7baddda8af3af4c6267d14b56596245ee404fa19cb0d99332c7a9e7471de2a8edb973 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:29
Reported
2024-06-13 08:32
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a3085b6a518eeaee342799c625d037_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4176,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4152,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4592,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3668,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5904,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=4856,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=2660 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
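What matters in the two network tables is what is absent: every destination is the browser's own service traffic (Microsoft, Bing, Akamai-hosted Edge content, the NEL reporting endpoint, Google's resolvers), and all of the Windows 10 rows are DNS queries to 8.8.8.8, which show that a name was resolved, not that a connection to it followed. The script below is an added example, not part of the sandbox report: it collapses the repeated rows, separates DNS lookups from real connections, sets the mDNS multicast row and the reverse lookups aside, and flags any domain that does not fall under a baseline suffix list. The rows are embedded as constructed sample input drawn from both runs above, and the suffix list is my triage assumption rather than anything the report states.

```python
import ipaddress
from collections import Counter

# Constructed sample input: one row per distinct (destination, domain) pair
# from the two network tables above, pasted as plain text. The repeats in the
# report are dropped here except for google.com, kept twice to show counting.
NETWORK_ROWS = """
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
"""

# Analyst assumption, not something the report states: domains under these
# suffixes are the browser's own service traffic and not attributable to the
# HTML file under analysis.
BROWSER_BASELINE_SUFFIXES = ("microsoft.com", "bing.com", "akamaized.net",
                             "nelreports.net", "google.com")


def parse_network_rows(text):
    """Parse '| country | ip:port | domain | proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or ":" not in cells[1]:
            continue  # header, blank or malformed line
        ip, port = cells[1].rsplit(":", 1)
        rows.append({"country": cells[0], "ip": ip, "port": int(port),
                     "domain": cells[2], "proto": cells[3].lower()})
    return rows


def under_suffix(domain, suffixes):
    """True when domain equals one of the suffixes or is a subdomain of it."""
    d = domain.lower().rstrip(".")
    return any(d == s or d.endswith("." + s) for s in suffixes)


def summarize(rows, suffixes):
    """Separate DNS lookups from actual connections, put multicast traffic and
    reverse lookups aside, and flag every domain outside the baseline."""
    out = {"queries": Counter(), "reverse_lookups": [], "connections": [],
           "multicast": [], "flagged": []}
    for r in rows:
        if ipaddress.ip_address(r["ip"]).is_multicast:
            # 224.0.0.251:5353 is mDNS; the sandbox shows no domain for it.
            out["multicast"].append((r["ip"], r["port"], r["proto"]))
            continue
        reverse = r["domain"].endswith(".in-addr.arpa")
        if r["port"] == 53 and r["proto"] == "udp":
            # A DNS query only proves the name was resolved, not that a
            # connection to it followed.
            if reverse:
                out["reverse_lookups"].append(r["domain"])
            else:
                out["queries"][r["domain"]] += 1
        else:
            out["connections"].append((r["ip"], r["port"], r["proto"], r["domain"]))
        if (r["domain"] != "N/A" and not reverse
                and not under_suffix(r["domain"], suffixes)
                and r["domain"] not in out["flagged"]):
            out["flagged"].append(r["domain"])
    return out


if __name__ == "__main__":
    s = summarize(parse_network_rows(NETWORK_ROWS), BROWSER_BASELINE_SUFFIXES)
    print("connections:", s["connections"])
    print("queries:", dict(s["queries"]))
    print("flagged:", s["flagged"] or "none")
```

On this report the only completed connection is the Windows 7 run's TLS session to ieonline.microsoft.com, and nothing is flagged; a domain outside the baseline, or a non-DNS connection to an address the browser has no reason to contact, is what would turn an HTML detonation like this from clean into worth reading in full.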