Analysis Overview
SHA256
16a204dc53c9aa2ab456bf9df936b5545f0774460b693e1a2247e5b676ca9a67
Threat Level: No (potentially) malicious behavior was detected
The file a507c01a300227413b2447c3b5b67b69_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:17
Platform
win7-20240220-en
Max time kernel
118s
Max time network
128s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001a4157426915544fa3272fd0e80d9d1c00000000020000000000106600000001000020000000b9a94b85e2d362ab98d0e93bf07506d0b3818fb5ba537bc32ce2eacb2e9a8188000000000e8000000002000020000000f3e3a1768148550b8cb55c87cde48c1bfeb8755f63c00ad1cc1bb184599ebda920000000cd6036d86d1fa6d0aa981d1824954f6ce54ddf5070b31d9816e69d76baa44b0040000000b98fbc9489c6bfdf46a819d1b4dd95503580cf0651a95902bb8aab8aa73e06b383aaa60ff2dc713263b7f2a2558f25fcf3c64d5f911f3453449bba7d70c0cfef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CCA675D1-296D-11EF-A5A7-5A32F786089A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 705895a17abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435571" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 2912 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2912 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2912 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2912 wrote to memory of 2848 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a507c01a300227413b2447c3b5b67b69_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.wiadveronatrento.it | udp |
| US | 8.8.8.8:53 | www.crescentprinters.info | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:17
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a507c01a300227413b2447c3b5b67b69_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3772,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3996,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5232,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5372,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5468,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5976,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5652,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4272,i,3671441404766730751,12082497324212183132,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
Network