Analysis Overview
SHA256
89d281ac420db3a3fd1c287a7c3ebc03b0998c3bd882070f0426ee7fa73aa71b
Threat Level: No (potentially) malicious behavior was detected
The file a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:27
Reported
2024-06-13 09:30
Platform
win7-20240221-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432725" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e9301a74bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007448f154243b0049a847b23b2a8a26980000000002000000000010660000000100002000000092de13dd2296551b14a86224ae097052d0dce5083ee8737fe645fa0a671d14dc000000000e8000000002000020000000a292212a6fcc15be8090d37b83fc16cdc41c72658f2117cec9056f6b9647d36b200000006fc41b700192595d906cd3444705d0d46b232b32c5d93c9240092c9a3a65c54840000000e74ec2a79704e46d96e34aa3a681cb2122a68f2fc67b4d6ea20123621c8248b8ef341b5321e6dc040fbde114ba0f95cadcf7f418370dcbf4e024ca02b83f6d27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C5430A1-2967-11EF-AB07-4AE872E97954} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2004 wrote to memory of 1336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2004 wrote to memory of 1336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| RU | 88.212.201.198:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:27
Reported
2024-06-13 09:30
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5348 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5752 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5808 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6108 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| GB | 142.250.178.10:443 | N/A | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| RU | 77.88.21.90:445 | bs.yandex.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.205.31.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 125.132.156.90.in-addr.arpa | udp |
| RU | 88.212.201.204:80 | counter.yadro.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | 204.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.52.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| RU | 213.180.204.90:445 | bs.yandex.ru | tcp |
| RU | 87.250.250.90:445 | bs.yandex.ru | tcp |
| RU | 93.158.134.90:445 | bs.yandex.ru | tcp |
| RU | 213.180.193.90:445 | bs.yandex.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.201.198:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | 198.201.212.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| GB | 23.44.234.16:80 | N/A | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.22:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:445 | mc.yandex.ru | tcp |
| RU | 93.158.134.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.251.119:445 | mc.yandex.ru | tcp |
| RU | 87.250.250.119:445 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 13.107.253.64:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 23.62.61.146:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 146.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| NL | 23.62.61.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 121.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.17.178.52.in-addr.arpa | udp |