Analysis Overview
SHA256
3a5ec8f8938a5eb80a5e48d88d1b536c5f7f7d79d540836680ed478c42e91437
Threat Level: No (potentially) malicious behavior was detected
The file a4a5b7c821214983f79725100cc659dc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:32
Reported
2024-06-13 08:35
Platform
win7-20240611-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7AEF1ED1-295F-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429421" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2296 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1A16.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1AC6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f06369ec9112016dd4636a1a84f28271 |
| SHA1 | 45e80bfcc1398f01d64af4da0d769bb75daaf6b1 |
| SHA256 | d6dfc147047fcd5b4a01b597f4acd7c3fd56d50ca8845021387988c3b2889a47 |
| SHA512 | bfaac045f831973b4b53da24e8e62680639ebb9b03a8e67073c0d571fd8236fce5a3a78113148a67026c6f95a153e34f2f0b612c999cfcc8775fdf0a9c7b5ab2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 213f8fbc6b0e99536125dcd811824415 |
| SHA1 | 32bb77a8ff96fdefce2feffb2dd1ee045c5ce336 |
| SHA256 | 12ab2c945efccec6339c725b9128a370fa6e3c4666fde47deee749d3b26d2186 |
| SHA512 | b31473e2e38d9a588aa7b2dc996e667fe145cba5b13be7bfebe3110df18b6bbf9614755d9133b8cc45f488a410138b79df58374d98b8870668961b6b6260b4dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4941113d25ffda360938b20d0ed6b547 |
| SHA1 | bc53aafeec0154ba30692166e371e1b09da53b40 |
| SHA256 | f9c4555c9b5b5b9a02fc8735adfc81d6be89b316c7abd62b703b5f82b229e494 |
| SHA512 | 13eb28a8cfcbbd5b65da1c404b18756b7e8232489fb6e9f742d710128d18dedd0fed1b177d972002c65ece39aa33df9c6ac98d26930cdb42c7debb73987e49f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 80a0ac0ecf68110a6a1b057c1bfa6923 |
| SHA1 | 650452f9b1fb8d0d3a7cbb1564aee7a7277e0f30 |
| SHA256 | 7704c6b3e4dc7cca858ea97ca1469f4437444533e8a8acf353531a480049862f |
| SHA512 | 17aa567709cbbf0103c4df0469bb7a6a8f937b4a2fecdae661f475517e09492b5912af9597a009dc8aeec64cba89d020c59ee2d2340e7a7a304eaa3908f10c34 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 378767df20c221f54abd3ace18e5b9d5 |
| SHA1 | 62a181e198956f3cb50f61f294437e80b63240a4 |
| SHA256 | df6b70c49a33bf8a2cec9c62ea7ac62f17fe85e6544263e3b94e430e5d3d2fde |
| SHA512 | d9c4996a5fcd5cb32deba2785c04e5b147c761f17d76475de4431a5c17ee42d770396ad1c965e7d5ba1ad1a9365af598a12da2f2fee52b27ddc0f5ac7681f371 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5343398cac213573489ce19797720e44 |
| SHA1 | f92e7492d311478dbcfaddc4944de22be1a3265a |
| SHA256 | 421b4f82bcf4f53de788b778cfd2d71974109b0ed5ffbb857e7f8ea25aefb75c |
| SHA512 | c5c23b728e1f38fe9414fc7d82138a0bc4f22ef29ec252fd4a190808615a7f3e9718e71e09179941ac7f8b2f5a4c021bf57646ac42d2c6f5c1554279796c3fb6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df46eea0e5eb58cbd97243fd8258fddc |
| SHA1 | a0890c51b1b243a286c8c50ac11e136d33a1422e |
| SHA256 | 27d32a494c01eca705cb166063fa9c9886428581a19cafb549df0e61f24f858a |
| SHA512 | 7487f06e98fa38c3312d29610cf1ecfc42c3e7ddb2ee03c0080055d50ea3b4c1e8b9736c61ba04105cdeb075487d52f9cbb7d9ccf775def3bfac6c045c546469 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcfea0e5e853bebc2f46b3d1a3e7ce83 |
| SHA1 | 2741ad774c1c9beb6d4dec64a18775d9f7896c8b |
| SHA256 | 6d4bcb5d2623db5f8f9f7edba9f662929af615ccc5d65e9062dc54af17e3ea02 |
| SHA512 | be200770ba3ca9b9d67a9e31fb4404dfcac4ea1e94d3a9458e0f0d689087571b626121a92dfd2492e2d623bd7fe364dfeab72197dc10729a0dd09d499d051f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e23b4eaa064d6583cddd2797a590ca36 |
| SHA1 | 1bb284b33f19e646a11f6101f60c4963b3ac9133 |
| SHA256 | 8e4484f2fbdfd61363408056795930f5bebd5e6efdfe566f8a87ec487b8c6372 |
| SHA512 | 4dcff0e248dfdbbd5031fb874da494048935fd3cc7b6ad47d3d53fb70c967c7d86272770093990c1182364f48929eeceee4933a6bad5335019f0e567b18d7dd3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8a3dd88ba435880cf58871241a6b039 |
| SHA1 | 38a6f4696fcf95fac1217553f300db1c79c240bb |
| SHA256 | ced7031e8879a01abc6c6a88ca16461cd14384d6f325736878bc7949f720bd40 |
| SHA512 | 74422be583adeecc586fc04f382eed9d8da1ebebf45aac5ad40a7137318ab8f7a9f9ad7d8c2c87da07580f8b6def58e853d505b4417a2823952b1664ed2f0dea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 771c59ad7b60f7ebae8a96fa93dcbf7c |
| SHA1 | 60443d009286980423189e4de478f02692453e6d |
| SHA256 | 1917f23070a292047ee53aecc18b0fa94ad0691299b636386bc9e1cff5b2fa6d |
| SHA512 | 6d859faa6ed34a859a67767985981d703031b5abfa56f5bed3f77ba0ddab2e7e4e5b4de6b31d1e3d70aaefba4a8820d5e84c4bd836e90a2028fbaa05af520fa7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 328b7e639f4e2e2610ebe33d8c2a405e |
| SHA1 | f49e1189f14d45aad13c23ecde65f5a75af5d318 |
| SHA256 | ce9b2330717abba01a2ade6874bda570978b7532eeeb03cd6b7ac457ca6ad228 |
| SHA512 | ebf8dfffbcd02880269bc57d96d824d45f66058441b0d45c1fb066eb05012232347e177d96be0a3c960a6ac8ccba64dbeec5833f27642fb4edcff15932c9ecda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6626ba71d828d47e017046c9ecb68ce |
| SHA1 | dd84443d1caae4a54f5e71312d8d83c061cc3fd3 |
| SHA256 | daf7ad294b837142ffc7e31b960659fe58d4f09a390891a3afb5f421b66eb9bb |
| SHA512 | f4e0ca20342273ae10d484188d857c8c6a47a8b79dc02ddf68d302b12031adb754f6c718507ec9bc3baf82e00c8d8f59e121d7da8d27d438588b68b1fc2a4879 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90192c2e4c563bb684d4dd4ac5ff3faa |
| SHA1 | e6321e8de81b2ffac86aff1502a7c3e087733b65 |
| SHA256 | 4c2e6a99078c5c017a3124dc68cdb32f47a98bc71c3d27a54ca006d090a95a5b |
| SHA512 | e995ae4276379fc9f5b802eea5a22b88ae6739cc55cb14e3bb96ac9d143cc40777a8c592ea7d22433c2f44b6903f44e5058b4f53bb0bbd7ccebbb185ef00f008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b29a939a432b7c2f68aedcf3cda6bbf2 |
| SHA1 | 446999ceafdd79b306d5a9a69173feafa4d235c4 |
| SHA256 | 276be8be00810e0de92ca0b19218d734ccc565fbc3a3b4aac6b7069b961748a4 |
| SHA512 | b7c5f6b84d37c1259990dde110955c7ca7be621fa7c9c3936bc7394a4d175ca8f804c317fab569eee381db6b5cbb4fdd00d4cdf3ceb748d49ecc5b0349da64a3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ed8ca5d4705f15f6622df139a1b7d63 |
| SHA1 | 3f3b2341b9ebf181f51e0c74a9fe8098a09fc532 |
| SHA256 | 4f23b70da26f2ed833c1ffe53a1419cc5ae98caf75234be599b6ab94d9e10c43 |
| SHA512 | 87b49ad6e1559916787234306df387d8335a3cf40cab52b4daadb28811fcd7c384973f0312900f340e6ae6db077f370c35a090749e98bdc0c56562d82bb4898f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b531deb8ae3de9712dd2c941b6133a5c |
| SHA1 | 4f21b6682749b9935d1e2ab0bc3a83cde4e19114 |
| SHA256 | 792474b488461d9cd4f02e4eaaaa4f4d7f939eef944cc6292c75c7f9fdcf2b45 |
| SHA512 | d50d29cc360cde2d6440a2e0232d229305f7a96ad9cac831f87d4ad9f3196845f54907f373801dd77d2ae5304cc48679ae699ec04e49570258da01f55744729e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f06e022087fa72c8d06182f561edf423 |
| SHA1 | 4d00406c03f12c0477624e831d3b68c8120dfa43 |
| SHA256 | cf148cacd29256123ec20672f48c99af11c3051cb28f4510311ef3afebcd50db |
| SHA512 | 195b8de81bbb2297d2ff1d79daf850085096c03038393e597a5648dbde3a257a96437203a104577d748b07fb24287ee0047b8189cd9d9968ebc1ff2ea313e014 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 33263f6115fc2951a4fe73e187f4d431 |
| SHA1 | e3544af95488a7ad1912c5f6a05915337510f9ec |
| SHA256 | 6ee601cb4a2d3e0fc712f4d9d060b4443a41c9d11419c5baba4cf710dc33aa38 |
| SHA512 | 8541a7c1357f170896290be377fc8b27c4f81142e0fa2378b29f6f5907995b6f771e7b01c0709a627840fec83d121d819a0f59e6ab3c3e47a711202c6a9b8623 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:32
Reported
2024-06-13 08:35
Platform
win10v2004-20240508-en
Max time kernel
134s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5084,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1044,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5252,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5416,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5868,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6104,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |