Analysis Overview
SHA256
bdd98f8c5057afc668e3bd8e2f39196a23936b913889f5e181c7a8d3c1b75812
Threat Level: No (potentially) malicious behavior was detected
Result for the file a50798f650ce4219205adebe02630ade_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:14
Reported
2024-06-13 10:17
Platform
win7-20240611-en
Max time kernel
136s
Max time network
133s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435555" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not reproduced in this report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000273ffc3b76a8b0754b90ba6976027cd0ade7ab236beb74814284dd58a9b4a021000000000e800000000200002000000097a5dd7b8abff122840eb64ede1f39ac73c11f10afd49d949a259f6d7cfa8e5120000000f25fca600bc9b7a1b8b50457adc2f5687c0ad1556f409a376702b047a04b7d32400000000ccb7075ea1f961f48addd974e53f25f61625d889d18067c3820b87ced77c7a789695287be5158d6b0db37cf77f13e599f84c848e02325dc51d1564e2a1287a4 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2634351-296D-11EF-A8D3-D2DB9F9EC2A6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c056489b7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2192 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2192 wrote to memory of 1532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50798f650ce4219205adebe02630ade_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab82CA.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar82DC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7144288f9aee95ac72b9c84b3f29fa13 |
| SHA1 | 6fb5f27652f2e35afc339eb1590c1be95b90a9a1 |
| SHA256 | f7e9c6fa5afb8970b5c0f945d3fa032e02a52518a96c2f6f5bbf4a3a13b5cf14 |
| SHA512 | b360d687889fdf323c9dfba9ce42ac125309fc0ad4728b7fa4943faa828d3185f1bacc1883877518c056a06f978d2516abd4a3834169721b86c2b2800a2a92b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8aa59aed9ca3a281b89fb7ef4bfe747b |
| SHA1 | a25aa24813d216acbca0a0b75d9f15329e0b9524 |
| SHA256 | d184bb55f70351327954d815b5864d2210037117415d5d128eb337d95512bee1 |
| SHA512 | 560b3e884277ef3b2915e4d88be5cda43ed60e2ab0ed855693843f08ecf7e60cea0344c21f22ca399f3b6a9b2a47591a8a9a083f7296f2f482be790983e20dd4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8eb604a320cab73525a0dc0a0611c32e |
| SHA1 | 4365f12286624a5319841321199205f60fb74f7a |
| SHA256 | 33f2e358d697766a58fee35d5b45b4403f4718fbcb24ca2da298be83550796a4 |
| SHA512 | d1595ffe3327185b82c7fb317f3b1243c9865fbf300408be83ac736a036440eb061d6ba66d1809564896181f06f31c942b574ddc27138bcdeed38677ad155280 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 096416c5f39a6aac49acbcae11eac378 |
| SHA1 | dd67ec40c5162e2bb03401ad8f710a45cf4a752f |
| SHA256 | c96075034f82e55d938cfdfc08a3e378c4d54b0773c4553e26d48d454dcd3e8d |
| SHA512 | 463f390130183e938e71568223c9b64fc3b665c2c287a5f052c2d7c71f7f56178b8e9cc524ef75e73b382c78a045523515f13430c9d65b24a7beb4e69f84a65b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10444bebde8c94269204742a63dd0d63 |
| SHA1 | db84d563bf6b6306c6a9c3016454bd7b9ad63ff0 |
| SHA256 | 2ac91a0bf7b66265dc669a6b3fc07181694605807130006b3b6eebf99b90cc92 |
| SHA512 | d5c1c95bc9d43e738f9dcb739db26dccac1706a789e11de19d954b28b7780f47635bd38de28238d73c1d609dda32cd8ed33c2d9ce2053bf90c1af3aab1488d29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 915e7c0babdedfbe1315fd936a5c8cfc |
| SHA1 | 6f2eda0d54eea33ca072f90d13fd79d12999188a |
| SHA256 | d31d16eda0e46dc4dbdaae70e836dfd7050057d53b1a64ef6d323ca4e491bd94 |
| SHA512 | f34e3ac0cb3b47fb6c272d81ecd8058ddc1a7184a74ac7918f181a2a433e50dd1a10aa75286d8cb6bd7a30adaaf941387be8d5f961bbafc0301c4071a1a10404 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6507539133f6cc78580201aa93386638 |
| SHA1 | e21a1071943d70c0f3bc59d56b8f887c762a0608 |
| SHA256 | 993edce94e0448477934afe5f1edb9f236ef453cbc4413607d940e343b5a6cea |
| SHA512 | e7bf184765a0f44a42226769f002294842e243f6cf2eb9f3693b03def9f76823e1cdbfeb43f968f8beb34a72a9911464decd5a8219d093f33f4d33e3f29f2cc8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 024dab26e09fd31cd06a20cf50367bfa |
| SHA1 | b42920703fc1f748a7e5f3f2fde4b78793ee7834 |
| SHA256 | 7c5af9a1ea8cf2c763119e3bdddc1b15a0afc577eb0084d638f18fb008d2d1ae |
| SHA512 | 4f99c66c24be619f36ba64b8a70fbe69b4c994091cb571fd39ec3c8397eb7898bbc98c788c71d973729a947ba512b2d3ba57e142faa7b66b3c2a277478f2b2b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38373672058ae4aa38f593970008fa4b |
| SHA1 | 67f17ddc3f314a77d4e7ec6b352f088055ac07c7 |
| SHA256 | 993d395259aa63f9af90ebdbceba860eaee8849a052c2264204652ed1fec874b |
| SHA512 | e9f754c1bd369868c13b3461bdd6659086803a80233b7dad5ac8c08a87d968eb27d996d34c353f6486e859f49d427ffbf81fef9a5794a614d8c9a93b83891fca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b8cc98d4629889609d66ec0222c3a31f |
| SHA1 | 0d3b087e1d4bbb061ea70162b9e41d8b9e04d885 |
| SHA256 | d700eee1571f743e2bac0cdbd1f4f9cc525b40bc80cf7ac56f17830e27129c34 |
| SHA512 | ae94106e4645e6457a63e997861c14d25608253f924746a7fecae1a1d123e7cb2085ff486b7295b22b976907c25df782250f1a3609e68fdf7c8de1abef128fa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b0520894408562196905b0b6252d4ee |
| SHA1 | 8dea7987c456cdc3fe846081e4eda1ae327ed679 |
| SHA256 | 7d24c0a191292bf8054a799637e07275ce44366ff27d8abcdb742c06b32bd357 |
| SHA512 | 34bddb3b9e22c09475a28d9668e762c27b5e82fdc999ed021fd7d1e6ed2ac06eaa6102cf9804a27335f7e04eee9044a7d92846cff6fdc0583604a31a8aae07ae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd1fbc78d00ca68858904b8d9445db84 |
| SHA1 | 07c9b9e1c0244588d0d0258af653cdf2778b4868 |
| SHA256 | 1400ff0263a1f2e6a5ec94fc7881062813ebae1667e8c4f3cfb6f863c9594fa3 |
| SHA512 | 1f69f3c3d97b77508c1ae401f8be874fa3728f4e4f4286bcd369f683fab7be57393b6e8a5e1c7dab3d9f5a9088d0a7b1af1772f938cdc95762be0a74ae8b0fd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cfa9008b134529d8e6bc3561fa63c42 |
| SHA1 | cc6ded9ef74e030529cb0d68de57b9f19ad2d1b7 |
| SHA256 | 2a3b32c3043267b396fa015cc84ab39938d217fbe2010382a625e8a91ef29bf8 |
| SHA512 | f21bfba97ce95c58a8e60aa7917b19bf0dff9ea4494c941693f594224a52d114a41f1ddcb8bd65fae42613b862b68b1b0575c042d0fef47e91279ef514de1fa9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3254527f8942f9d593f9385788aaa39 |
| SHA1 | b8fe24a603c77d89587c6848c3e0d3f14d2dc14b |
| SHA256 | b9384f582d5661a2a561c3629455533d936d4948a169b59b614bef00cc8eec8f |
| SHA512 | 4a2d454bf4b20f3256a1db9364aa7524236333777b442e3ad180dd694873ef74880480cfe6d027f2c1fa7886c5dcc9b2c93cf64a5e8d2a90c41ba4ef0b0603da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c333d2c0a838d69c953ebbd4065ab587 |
| SHA1 | f6f88a3a7557fbbcb41e978ac9350311d7331f32 |
| SHA256 | 8819629318ef0228d9394118f514d518255c70ca9ec586ef0fde8c3f4bed106f |
| SHA512 | 47049a95ea04957e6b9ec74fade32194282e5d03fc3cf7b7a1250f788ca83a94eec1c9628db55558d843c84ca1bbd2b5ccc0b705bf5b7311761289b5f099a59e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 926f0e415fa692b630bcf4110eaeeb9c |
| SHA1 | 58fc96021d711d9ea0cb3820685d16db110aeefd |
| SHA256 | e6e66286173ed30f0336c28bee75d5254b34784d62e442c7caf4a81c315fac27 |
| SHA512 | 84996f8f5dd4a993606e8831efbc593b7953fd6e34a51da9d9f3e87d5d92932efb2edf541655e7a53e6d081873b0405ae3b1f8d8fd069c408efe1dfdabf5385a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4f8ef38bdd324f0e276cb0b210d85b4d |
| SHA1 | f7d80311a27a6195eeb73bb928e821964d26bf9f |
| SHA256 | 62c79d2d995e58ab4b58a9981d6944919b4c5b13e1da8e3f5a4d40dfb063ed7b |
| SHA512 | eb238d122f429e3b799c1acccb8197b38bfd85ab5c282378407c490e2fe821650b2473e9429cb79864e3503f000d774c2a2b137d816613d66752c14ebdd66106 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3fe54b1c763decfa8b49d9edbb06bc2 |
| SHA1 | 9052d68c401e5307b60af31ffa1ed24c678ec35a |
| SHA256 | 8f7b2cad847019d25776b8aafda7a114a6f613493b46edc9cff0dcb498e935e5 |
| SHA512 | ede87258eba5894726cc87816d5bcdb0d3cf0c661a05dfd612939973344002c352f8a6a78652f774e7c552c75a608e04151263b83eda71806ff00935578727ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ec520d5bb60ba0e6c9a16b2666658dd7 |
| SHA1 | 7ec86795dbeb20dabe07dead17e5ee0eeb8e92af |
| SHA256 | 87a82fee2175ddfb3290bf6dc0c9d53a10c1865c963dbcb3f622fd9dd902e11c |
| SHA512 | fa285ba297ee919b0c6fdc59f244fdab8fd09d3f71033a9d1e182c71095947be084d782ce25c04f36bbe751f4ea7f0d6fc711a95f75179d3b298cf1fd3a2d49c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:14
Reported
2024-06-13 10:17
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50798f650ce4219205adebe02630ade_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=1004,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4644,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4948,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4304,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5320,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5932,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5628,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5496,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=3096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5828,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 2.20.12.87:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.162.192.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| NL | 23.62.61.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 121.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.75:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 75.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| NL | 23.62.61.154:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 154.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |