Analysis Overview
SHA256
e56ca6a62a0c857146377e649eb6bd121e00e2fe0994eb2a07aedcf5913abe43
Threat Level: No (potentially) malicious behavior was detected
The file a506b3359686b00566c121f44795a6c2_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:13
Reported
2024-06-13 10:15
Platform
win7-20240221-en
Max time kernel
138s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000648cb8e40da083419fff8fe8ed8707ee00000000020000000000106600000001000020000000e748e5f2169864e955fdb096ba97ae147b6b64dde6ef7f79502f1445712e7a66000000000e8000000002000020000000fe3845f6cfd8ac1f4047892c67dc73feeeb61e4efd3047fe9294fe7198f14d7e200000009df25400fb16c5949e26264aef6cdf49641754ad78dbe7aac2a7e0c64e35ad5d4000000077d8928f31b06b313c0e38c364ab9550a870bc43c562574bbaaaa0e6496b8d476530f029215e7728c0f1fd69abcc770fc510fa4cdc8a0904dc989faa3e2a4946 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435461" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B216391-296D-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401a09607abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1504 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1504 wrote to memory of 1060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | e-jugend-eberfing.de | udp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| DE | 178.254.10.141:80 | e-jugend-eberfing.de | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:13
Reported
2024-06-13 10:15
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
144s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4176,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4036,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5288,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5444,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5476,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5888,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5636,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6768,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | e-jugend-eberfing.de | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |