Analysis Overview
SHA256
2b4cd8780a55306929acf11ee1dfa2a7579cd9b513f5017c2e9b9463b7e7e843
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-13 10:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-13 10:05
Reported: 2024-06-13 10:08
Platform: win7-20240611-en
Max time kernel: 133s
Max time network: 134s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435016" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000008187956a81750104c1a77441b4cada6f957e2a0570d2b8cedd658df2c0a446b0000000000e8000000002000020000000d0f0ea9a2aefe26363c2c42204b4017568bc61898ee55ac0fc6738d47e4d95bd90000000cc05c71fc7a83d63ab7232e4cc129e63ab41d4b3eda0924839dc4991e5b7ba804cc70f149d6e7a2a543e42006808ab0a8cff2577d38f5831b5bd69a529b1871a9e377bf6a6c506deb750a7be85a06a20b66a4c6238346921a1ed9be7fbda8a62c4ba403f20f67195c0c9f2735c0156d4661d9b18bf1c792d340f2363c9bfa9c20f6b54719240c822fe50cd68ce9a2fc740000000be4ba49fc3dcadd53ea399c8714cd53437334ad8e711fc54bee226c1873c317b02b6b16355334137174552cdc42280a2e693fab2b85920e8048698aeb60848cf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{813297B1-296C-11EF-B848-DEDD52EED8E0} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5048d65579bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000016348acd4a66da39125c1d9d7d8c52eb879f05a1f7c31c952b7daab6aeeb6a00000000000e8000000002000020000000edc9742d93adecf5a28a0a3559efd17adeab8dd0f9432956700bc870312739c02000000044bd9a4a82f64c2170c9efebecb20c5bbad153523c9aec38d545803256f3d685400000006b9331f40f0882b1fd8e1c64fe34138a826f25c81c6b5bcbd3da2803a2f791f8f054d7267dc5f5ab560849b97d30e31ec8c75fb0dce5b0af45d1bb2d59946827 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2072 wrote to memory of 3032 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-13 10:05
Reported: 2024-06-13 10:08
Platform: win10v2004-20240226-en
Max time kernel: 145s
Max time network: 154s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ff36a99660a53be0a468c6cc472d44_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4876 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4888 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3376 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5548 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 8.8.8.8:53 | cdn-adef.akamaized.net | udp |
| US | 2.20.12.90:443 | cdn-adef.akamaized.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 125.162.192.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.160:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 160.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 216.58.213.10:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.179.89.13.in-addr.arpa | udp |