Analysis Overview
SHA256
271ca1ceafa459d700e33bcb372854bf11cdce239c91e15152309f3e6157004c
Threat Level: No (potentially) malicious behavior was detected
The file a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:23
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value removed] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004c33bd5ea3ffe34885316fbc4abd4e59000000000200000000001066000000010000200000005c40bd62d7f6af109cfd6a1603403ad7b2a4c49ee5bfe0a6c3b4c1cc11b2920e000000000e8000000002000020000000d82dd20a6892488a0eaee97976dd10168105306e10c986e51bc8b6462642e82f200000002ee6e395bbe21f93f53d4265d92ee638ddafce09731422f7481a7fb20296b93940000000dccb4d02267f1d55b28210a461ce550246d9b190f905f94d6e8aeac402d779c53254189744b23edb58c671060f286820ef0389a37d3e6159f27f03195a9d2b86 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DD723A1-2966-11EF-A293-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432486" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e4947273bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2172 wrote to memory of 2072 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2072 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2072 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2172 wrote to memory of 2072 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2CAF.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2DA0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 811bab851b73b7eeca176124d62f2632 |
| SHA1 | 7cbbb94afd71829bc83c9403c46c595c2fef88eb |
| SHA256 | 9fba4085f4835b4e7ac359303c0922a93ef6001e6361477a900785f9d658ce3c |
| SHA512 | 9207e3cc71fa3f75f8efe752fa55a4a60acd64ed532f6f34340d60714e0351a9c0dade39717f368d9c2d0082e6f0df50a2844601aa01acd5214e1a499181b9f1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58543ee6460de7c2c41fe548125fa1bf |
| SHA1 | 81bad8beae110dce9278cefd034e2c76b2bb7d35 |
| SHA256 | 15ae6de1a7df715be483b0159e6cf0546442459bdedfeccb5fbe7aa2c60accc1 |
| SHA512 | b190bb01abc43273faecd6330092b7c98dafac48780b46895ec6d09ba1cbe422b06ae560297d98387e2b696dacfa4ca0dbadde338b5c26c915d16aa059b7cb58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c6be99c75d0344fe33fc9323de558232 |
| SHA1 | 25d7919aee14aa95abe9b5bf0e7a4fa108b03b50 |
| SHA256 | bd5590128e854d0be7cbee4e9a47a418fe40e7e725953389b7c8a0f2d1039d66 |
| SHA512 | a574171c62e90d9ec20a9d6b693f8de68e4dcb2d6379ba30d733a87e371a7dc4e1a881c9d1064a7e716faf15e05dcf54bb9033e02d88cb24de87ba6376770566 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6e33ebe92b8b35b9bc0c4ed0c0d642d |
| SHA1 | 50980b83e1642c57bd048f4ebd40497973c30a3c |
| SHA256 | b57794ac1d29671f17c9b3c167dcc0f381d7c792b3ef528dd7f9941896e7bce2 |
| SHA512 | ed6fbc4b3d0b22ded5d051072467700620f063b331b7236d05ef688090674c423c44a716c3b422d926234453e8ab3357086bf46d9e8b1e4dd2f5286f76b2c923 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b446b28cb5eaa92c5af1b0fe28fd0903 |
| SHA1 | fcf3acd59dfd23b7d484574aa4a5994a14a5b20d |
| SHA256 | f94e942f9eba51970667c3fdeaefc4699b08e767a41de3b8a8ea4deffa5e9c01 |
| SHA512 | 496cea4be6400731b481cf6c986045ea6b6be618b9803a9c024480db77031996fa2ddf5771ea0767112d7b018fa114be5b28bd2dcc39c1300c87c6a7188e0fd1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3252d26ef806d108f59b8ad2193d6a19 |
| SHA1 | 6c1559c2e85773a79a86b2014fcd6d531baaf439 |
| SHA256 | ce085f37b49f77fa0700cc1ba5bff96396484dafbc1fa67b26218928b2eab394 |
| SHA512 | 2a9e3f25f1383846e7453ab1ae089ca59afdcc17464b1dfc384379d11dfe550addaaf25e50c2a8d66951231bf1d43b9dfff5eb6aa31a46e6fc7ac92f373d5c0d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04485460f45581a110123e54b5168ddd |
| SHA1 | 87176c3fdd3859b35c6f30315db7d8a7ea60464d |
| SHA256 | 411304ec473b63c17ae349ec2af88828836cf8bb47e03d41460ae8e32eabc835 |
| SHA512 | 57e85a933c5e8f3ae89cca948920c03a58a843482a719bf7f2da5f33bb35769d95502d8d045013220f5545761f4c658d279a7a089a3150c1890f602496533d0f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 238e8f6ecd877575e4743eb425eb0c51 |
| SHA1 | 106ce78f3e878af29d7634f56d1cedba40fc360a |
| SHA256 | cfb27d9d32fa44053b793fa957318da79819c2f698f0b17970a79a719a501b76 |
| SHA512 | 5114761e0d33198280395948366256a5d4e5c00ba1003d7f2d4f7187b886f4d9f0602d2b046a7accdc5605c3e2f1a0b17b7fe986c5f488d93c116d9e5c254a60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 997d8bf3f8aecfa25e3c34b7e378a681 |
| SHA1 | 4a311fbad9b34c5006da4d3e8d5bd7ec58a1711d |
| SHA256 | 43103236f943f4dcb823419951efc332187902a31b1b8c8b0ce4ebe30f28b2ae |
| SHA512 | ce6bc4ee53ede70667744847dde2688ffd108b0252ac9c07ee7ed04d9d7d603114ae1427aa64febb099ab12aea79ce0d705c400131b8c6f3c6a45a971019f10e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7aeff0f5cf23f5cad7b39db7be3c599d |
| SHA1 | da2158364fc59f494e316a9110a4235e1cc2088a |
| SHA256 | b8f888d978d9f273a99dc04c6cbd7c589a562e1669b2abf85b2790bf487b0fa9 |
| SHA512 | db9d0ad617d6a9b4eb75b69a474f3824093bffe60273922c07b123f307851bec3215f4f853da12876908690cf7101a8c6e877625d45934cf8172b179cecb78f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b1d8da93d9401e4bd542124df68666c6 |
| SHA1 | 0194687dc5c524e7ef8368d941109716031b3f44 |
| SHA256 | 2f4de256d3144dc1dc14690b0f4d792387ed3842c0b450289b37c9abc53b008a |
| SHA512 | 4ff461c85eff90c4a79cc154e7977d5819033024e45aa9f2aeff417bc8a91930578cf9061ce45694d22b9c194f10c65bdd5c2cb372103a67e570506c77499352 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e0f900e376d09caf9a903bce165023a9 |
| SHA1 | 681b69b2aff08813aa27356dfcb788cb20c107ae |
| SHA256 | 4a9005fc32591ad7a8847aaf41c89fa48aa1a972509f548c4f17a567e65ab34a |
| SHA512 | 661b57f490841aa9d6920c66e7ada32a15f1ab74fa236b4685247ceb325b36cd683a3e896b79cdc8bfbec9cbe415dffafb8b83e390783fec7c6e66adfbe5d53e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dac63ee61810a448f6b1389b87c0a53a |
| SHA1 | 2faa89f331e1c92b6bb54724bf2a1c024f61b417 |
| SHA256 | c1e2f96862d26d5c74e4d0d1ed5981c121c2696ef443a3d7814357f03ba2cc31 |
| SHA512 | 66c6811bac635bfa9c1eb1bc9ad94ec76789b237a959c28bfaccfc59b2bb320dfe8e87d4ef92974a2dd22a0d6a79ece8de80da862bb03e16e42004a7b044a131 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 555541354a5646afddbc7a6609c7e4dc |
| SHA1 | a9cf4eafe3f5bf4b92526bf402e99ffb602e8ee6 |
| SHA256 | 743dad4cab8cf68ef4c2377dcc53ee9ac43a3a56685ac332a3258b05e6d83df4 |
| SHA512 | 966078acb94e153fc558edb5939122713353fe22aa1341e64f9ade02ae084b6835dc9b7959c26d42e5b766d60d75d1a32c48bb2c553dfbe0743a758b9b61edcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 969f36d55ac2e062908ac659dbfe3c16 |
| SHA1 | 489f78bae67dd5a4fd398a54c530b6de165f5365 |
| SHA256 | 261f613ad862389426042b3736a274922d7189684361eb81c0a67080798a5d6b |
| SHA512 | c874f59b4d507d89422aa2cb07a190edbab6fed7dd12f1b802fda4279fecf04529d363a32caa40d45b11107da449a17fa55a1a9538532d6c5283484dd46de2e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6600c9212ec7e3fdb73e887dbf48f189 |
| SHA1 | 337ad12fb2a12c650f1a7e76c8272179d51c0265 |
| SHA256 | e855c27983142bf98f76b5be60eff5850fccaaf68972d51ad396b6d0d0598a8c |
| SHA512 | 85b61cccb5d85a2bbfc370696372b2c70ba33944d6382feac0b38d6b562097e38445e8e45ec382ff61acd71be5d77a5f183d264ac1805b556de70ff86d17b8a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cb3edaa9678ee365727e6e1ad4491bd |
| SHA1 | 3d18eebf4a1ea879b08611070ee7f975634109e6 |
| SHA256 | 3472c87ce03313b148be02f97bdc9d531b9e5348ce184f458a95b2b0bf2a76a1 |
| SHA512 | 9460f454e24dd9fd2e9039282dd81c0bc282f688c9833f3e3f287dc5a7188d39b3d767e52cd966b9cdf5b1b8aeda77edf2111d2748a24f08800e1539d2055e90 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9cdfe8ef33ba3e823bbd65825664ebfd |
| SHA1 | fcf896823fda985d2f40fee8b83dd72d2b0b424b |
| SHA256 | 848e27427cf74127f441999ea2b09d6b62611c0db1577726a7a73dfa282b503b |
| SHA512 | a9e067bbba6f04041f20b3bff6b540921d953c750955ff81d0f282cb0a1e7b26e7b6d616ede0671ffd0bf70176c0528be2858c0122d8602bc61a600ac509b9c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b38b14365231a6241c05cde420abdd34 |
| SHA1 | 99fb7c2e363db8c4416cc73d0dd94afeefcca7c2 |
| SHA256 | 7d3b4189a08e58af13779514b282b4c0b4c4647bc67e405e7c1ec64b8dde1803 |
| SHA512 | 6a2d4a6cd32c9df1feb19e943aedabeab3924705ce97cb8a0e423725738f43f12c0cbb9ce9ccc58db9c4e8dd1159c1d895b4134b19b8ce7a4e8bd24884f858bb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:23
Reported
2024-06-13 09:26
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
151s
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4732 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4668 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1044 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3828 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4028 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.136:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 136.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| NL | 23.62.61.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 168.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 252.15.104.51.in-addr.arpa | udp |