Analysis Overview
SHA256
077d0d1a69bcd71311a043593c49935a551e3856aa3b4737ab49a0e75290ea02
Threat Level: No (potentially) malicious behavior was detected
The file a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118 (an HTML document, opened directly by the browser in both runs) was found to be: No (potentially) malicious behavior was detected. Every signature listed below was raised by the browser processes that rendered it (iexplore.exe on Windows 7); none is attributed to a process the sample itself started.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:28
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win7-20240611-en
Max time kernel
121s
Max time network
133s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FE6D181-2967-11EF-968C-FEBBC6272832} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c070c82574bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432785" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fadbb16481011d5d0396b31a546214f71626dccfe848a3e89a53ff78f5191bcb000000000e80000000020000200000006d43a63c61dc7828a192ee791ce192f6e565f6387e347bcd74fc24d907da15cc20000000f251868591e76604836067af0650b4dce97515b43c46abd0b43393f186accc8c40000000b405ab56667d63c74615b2a2aee91fcdd4580353df40ec9fdd153fc9ac918c98ad08a1f1938318a4321dd5dff17dcbb1ed66025ec6f76106e77ab5b7daab613f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
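Three of the values in the table above are binary blobs that the report prints as hex, and each can be read rather than guessed at: Main\Window_Placement is a WINDOWPLACEMENT structure, NewTabPage\LastProcessed is a FILETIME, and NewTabPage\DecayDateQueue begins with the DPAPI blob header (version 1 followed by the provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb), so it is encrypted with the VM user's master key and not recoverable from the report. The decoder below is an added example, not part of the sandbox report; the hex values are copied from the table, and it assumes the report's Submitted/Reported times are UTC (the page does not state a zone) so that the decoded FILETIME can be checked against the detonation window.

```python
import struct
from datetime import datetime, timedelta, timezone

# Registry values copied from the "Modifies Internet Explorer settings" table above
# (behavioral1, win7). Only the first 32 bytes of DecayDateQueue are needed here.
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
LAST_PROCESSED_HEX = "c070c82574bdda01"
DECAY_DATE_QUEUE_HEX = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c"

# Detonation window from the report, taken as UTC (assumption: the report states no zone).
SUBMITTED = datetime(2024, 6, 13, 9, 28, tzinfo=timezone.utc)
REPORTED = datetime(2024, 6, 13, 9, 31, tzinfo=timezone.utc)

# Every DPAPI blob starts with dwVersion == 1 followed by the fixed provider GUID
# {df9d8cd0-1501-11d1-8c7a-00c04fc297eb}; the GUID's first three fields are little-endian.
DPAPI_HEADER = bytes.fromhex("01000000" "d08c9ddf0115d1118c7a00c04fc297eb")

SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def decode_window_placement(hex_value: str) -> dict:
    """Parse the 44-byte WINDOWPLACEMENT structure stored under Main\\Window_Placement.

    Layout (all 32-bit little-endian): UINT length, UINT flags, UINT showCmd,
    POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition.
    """
    raw = bytes.fromhex(hex_value)
    if len(raw) != 44:
        raise ValueError(f"expected 44 bytes, got {len(raw)}")
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != 44:
        raise ValueError(f"length field {f[0]} does not match blob size")
    return {
        "flags": f[1],
        "showCmd": SHOW_CMD.get(f[2], str(f[2])),
        "ptMinPosition": f[3:5],
        "ptMaxPosition": f[5:7],
        "rcNormalPosition": f[7:11],  # (left, top, right, bottom)
    }


def decode_filetime(hex_value: str) -> datetime:
    """Little-endian FILETIME (100 ns ticks since 1601-01-01 UTC) as an aware datetime."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def is_dpapi_blob(hex_value: str) -> bool:
    """True when the value carries the DPAPI header.

    The payload is encrypted under the detonation VM user's master key, so nothing
    inside it can be recovered from the report; recognising the header tells you the
    value is opaque ciphertext rather than obfuscated configuration.
    """
    return bytes.fromhex(hex_value).startswith(DPAPI_HEADER)


def timestamp_in_window(ts: datetime, start: datetime = SUBMITTED, end: datetime = REPORTED) -> bool:
    """A FILETIME the browser wrote during the run should fall inside the detonation window."""
    return start <= ts <= end


if __name__ == "__main__":
    print("Window_Placement:", decode_window_placement(WINDOW_PLACEMENT_HEX))
    last = decode_filetime(LAST_PROCESSED_HEX)
    print("LastProcessed:", last.isoformat(), "in window:", timestamp_in_window(last))
    print("DecayDateQueue is DPAPI:", is_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

Window_Placement decodes to showCmd 3 (SW_SHOWMAXIMIZED) with a normal-position rectangle of (36, 36, 1194, 649), and LastProcessed decodes to 2024-06-13 09:29:10 UTC, inside the 09:28 to 09:31 window, which is what a value written by the browser during the run should look like; a timestamp far outside the window would point at a pre-seeded VM image rather than at the sample.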
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1724 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1724 wrote to memory of 2652 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2
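The four "PID 1724 wrote to memory of 2652" rows and the SCODEF:1724 argument in the tab's command line describe one relationship: the 64-bit IE frame process (PID 1724) writing into the 32-bit tab process it spawned, which is how IE on 64-bit Windows 7 brokers tabs and is why the signature fires on a clean HTML file. The check below is an added example, not part of the report: it takes the frame PID from the tab's SCODEF: argument and accepts a WriteProcessMemory row only when the source is that frame and the target is the tab binary. The first four rows are copied from the tables above; the last is a constructed counter-example with a made-up dropper path.

```python
import re

# Rows copied from the "Suspicious use of WriteProcessMemory" table above:
# (description, source process, target process).
WPM_ROWS = [
    ("PID 1724 wrote to memory of 2652",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Command lines copied from the Processes section above.
PROCESS_CMDLINES = [
    r'"C:\Program Files\Internet Explorer\iexplore.exe" '
    r"C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html",
    r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2',
]

# Constructed counter-example (not from the report): a write into the tab whose source
# is not the browser frame. The path is made up for illustration.
CONSTRUCTED_ROW = ("PID 3100 wrote to memory of 2652",
                   r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
                   r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE")

IE_FRAME = r"c:\program files\internet explorer\iexplore.exe"
IE_TAB = r"c:\program files (x86)\internet explorer\iexplore.exe"
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def frame_pids_from_cmdlines(cmdlines):
    """PIDs named by IE tab processes in SCODEF:<pid>, i.e. the frame that spawned them."""
    return {int(m.group(1)) for c in cmdlines for m in SCODEF_RE.finditer(c)}


def classify_memory_writes(rows, cmdlines):
    """Label each WriteProcessMemory row as the IE frame-to-tab pattern or as unexplained."""
    frames = frame_pids_from_cmdlines(cmdlines)
    results = []
    for desc, src, dst in rows:
        m = WPM_RE.fullmatch(desc)
        if m is None:
            raise ValueError(f"unrecognised description: {desc!r}")
        src_pid, dst_pid = int(m.group(1)), int(m.group(2))
        # Expected only when the writer is the frame binary, the target is the tab
        # binary, and a tab actually names the writer's PID in its SCODEF: argument.
        if src.lower() == IE_FRAME and dst.lower() == IE_TAB and src_pid in frames:
            verdict = "ie_frame_to_tab"
        else:
            verdict = "unexplained"
        results.append({"src_pid": src_pid, "dst_pid": dst_pid,
                        "src": src, "dst": dst, "verdict": verdict})
    return results


if __name__ == "__main__":
    for r in classify_memory_writes(WPM_ROWS + [CONSTRUCTED_ROW], PROCESS_CMDLINES):
        print(r["src_pid"], "->", r["dst_pid"], r["verdict"])
```

The path comparison is deliberately exact: a write from a binary that merely shares the iexplore.exe file name in another directory, or a frame PID that no tab names in SCODEF:, stays "unexplained" and needs a look at the process tree.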
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab85B6.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar8675.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 906ceeafba1e5fa8efd4c51b9abf683d |
| SHA1 | b3a18ed0de1ef48e5b74e54f94d94717d917086d |
| SHA256 | d35a6558e80bc76997e4d7ad6418f2b25ffdf8c2012433ae02722e7a4aad555e |
| SHA512 | b42816b078279dd4a95cecb2abc703b564a58aca7ed4f30566ccf37a34665c1f0595cdeba0ef8928cda21efcdaf15d785584bbea7a1ce892c243332978e8d1ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5126e4cce956616b880c2893a1b158b6 |
| SHA1 | 553f2d4c390fe91d6295121e7506e59c095063d4 |
| SHA256 | 1e9f4da9daaf5d9f2576175babc71b21227db49889ed64d796c17da77c30072a |
| SHA512 | 5167d55dc734773eb92cf7118dcd231cea73ba109411ec7649019890cefd1384fc8f167cd4b2414832c6bcb74d27c6afbc16d994e223133e664e0948bec825f7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | afaee3ffc3aa4ca354231e050426f996 |
| SHA1 | 3530e5a20863ad218d0ac2c3e888d1fb99f3a207 |
| SHA256 | c9a4cd5eba3659e13a6c490e0b3d0af35244f047e9ed43fa78055e101253772e |
| SHA512 | 4847a061875ef02807ff5a1dbbdfd6418bd8b56a269cc963e9a6055a62dcb32ffbc7bd15e7100c89b3c4de4d7ec8212de3198b60539a4e90923f3a5612050dc0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c40034aa01398b8447e5227ca5a6284e |
| SHA1 | d5a1fe56f73782049f72c63202ca5393c58e5728 |
| SHA256 | b138f0aafadcd00ef005ec945a885e0f9e092aa476cbc656bcb86986f96cffc2 |
| SHA512 | fe657de359a4c70031270b6efda63ddad3e9baf3837f012ba113d53a9ab9a701db64e4cfe3fee25d2524ecc89a50be96e40421d9d796b8d5423f81783d46b13b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f9a287860537ef877e9c4b9ca91b1235 |
| SHA1 | a1b782ca7bd536dc5cc91752e8a19c445aeff996 |
| SHA256 | 5348c152a4a3a7a5d7c56113b52b7bf39c3e791f5b815a63a1295a0dab988aab |
| SHA512 | 8ef487e8b4898ff0f85e9ebd64cf59b142c228e7e59e7bc3ec1a1a2f253c8836f905a2eb1340162976e5bb702186cdad78017f422ac659912ec7e8fdefae3067 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ba9d82463738869b220e2f42fcb2d0f |
| SHA1 | 6132f5f0e12142ed9c3a7453589f60a1003bf65c |
| SHA256 | b3e88ce3257712519317eefb0238663179747c0ca1c4d0e2e26d86f90bd95d58 |
| SHA512 | 0c7d9942c15605a34eaad1507d8275fbb51e7afd3eed70f548798348e8e23b78370e15949476dc64a37d6bfb1efc9322742746365d61cfd4457662f2ba1b3b91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d86b39bc90606af9d08ea5bca0b7eb88 |
| SHA1 | a9c89b26f520fb5d83e1c54b376b9fb193874c45 |
| SHA256 | e162197e424a49af856380fcd98737dcfa57677ba6f89bb0b9e5f2a72ed3d5e2 |
| SHA512 | 9cf044c2341f7c6830105c615ce4d461205d1a671c1964e99277afed88b9919824100cbf8faa657bc9b26f1a868f5516afabf6f4d0c203d381e423482251cd7b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e819f6316e9beec5610918fd3a66e985 |
| SHA1 | 3ea95d481ce5627db276c92f170c76668b88d92b |
| SHA256 | 092860c74b219165028c589a6e9f4f711439d868fc3193fe3ef64e38c2faf5c6 |
| SHA512 | 1dac35f54ed7fe96ec3a6bf4046282cd74162faac495305c730dae61877b389cc067eb944a331547712afbf9c62c478d7b707e872f57b26663ec793d5440c1d9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bd3d328591ce0d9b2dbc5a79d09eff9 |
| SHA1 | 76ab7e161909bfe75b1b97f4763d2b49f7802ded |
| SHA256 | 50b5d57ce86d45296e28892a8b825856f8e49a514745cc6cecaa85638dcf29fe |
| SHA512 | 0d17416d17189119b843f9d38f4729a8c8ad657138d6a228a61c1f8c4dc238ac988b280b8cbb944d7035636559f93a8bfc579e52839706404aa7fb3c4e45de50 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0de302ae6f6db929a68447353afa4e0f |
| SHA1 | ad1bee0055988a841ee8417cd36057477c5d4f44 |
| SHA256 | 9bb694885f101052212c9eb5d1306b9fb8bc68c10ef561711756cea9df5b2f7b |
| SHA512 | b4e1c2d8af7154df64610b7cddb0c48545a47cfdc0e479d8577992d7b0beab972c1c7906f931af79175a6ba4c33deaf13a5aff67644540ece638f63cbb5f8bbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39614c8f39735b582385316965519b62 |
| SHA1 | 7dfddf0cf91091fcc1dc39f968b310b731bc5e1d |
| SHA256 | 7930d94e97cccd2a6f13045df7affbb713ee47ecc5ec5cc7de2006dcb82a2e12 |
| SHA512 | 11fafb437041d9c8f62f93b7bc74fab52792cf9573d4e2649c30328ee9e4e468ada432829a32668fd29e290ea628f1fcd6b0878e2b40d25f58ce38ecb6ca80d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c38aec57ae754896858c9b504ae35fae |
| SHA1 | 23773eb37faeea1ca0bce928b262e0c4fb95134d |
| SHA256 | ca810984b43136a6549237fc5a62ba6a648a372d4c53f0f70a428fc77f12f02b |
| SHA512 | ab460cfc26cb3646221f78aac5379b81600df0ae27c2a764b706941a72cb2c5b5849969990c497ad8998c8acd94defb9ca7d7e110bdf24aff225a6e017fc0c68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5319230fb27502b911f3ef4cdedfe21d |
| SHA1 | dd855a02508ad06d8f190893347a5d0b557ab37b |
| SHA256 | 876dcd1ef9c5d2047eb515c5a37d464aa46a568cc13a22f59ff70d0ae685ff12 |
| SHA512 | d8c25cbb600dff99a535757aa475bd7f9295bb5cdc921ec7166859fb2008008f14943c7d7007ae24371687a407df0046b3b0bfbd2c9859f37faac3ac7d675871 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ba34ed6d2590b0a11a86032024964b81 |
| SHA1 | 9bd4fdb9832b685230948f23c2383af8471870e1 |
| SHA256 | f617f6dfc3a78a22549064e96355f263847411040722399fb9b8e433e721aefc |
| SHA512 | 337984d87ab8b78e514842f35e3fa2403ab8d38901459f50861c7ab19ce07df8f93622e42d464b30bd6c857cc5e5ffa1e5c41619a26c0caee79976aa1cf5bdc2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 446c59788a970b31bdafc5435622c31d |
| SHA1 | 1284c7d1dce21b07a8f8c9f03b7fb525adf0f8e8 |
| SHA256 | 5903c744f776fdc196bbc8bbdbace6c3f9e95ed7fc5f270dc0b180786db9bfdb |
| SHA512 | cc6611d0f17c4a388a4bd4e29a72b6d9a19c642e868e8e20f1de3f4fa8b15b2c5e68470881234d59dbf74c43828420ab5bfb0e5c9006272f4f1d9c8dcdd5dd8f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63127d599fde89994d95fa2ee8e0a97b |
| SHA1 | 7ffa3f894728888b42343e0efa2fde4d22b5d3b9 |
| SHA256 | 0f5cd2b434793033b5b1b412525e5df550494927568b4e9c4aea64f6c50f699b |
| SHA512 | 1a415d943759f4a6c2949f5e23758f322711299543d07e3849022e62691e19cf4b93b8ea5ad0730df2cfff748b836a56285ca5cc401abea97df7ee9490fb167f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2aaf830bf6a99b651ece2e82bcd78fbd |
| SHA1 | dcd5db06c5241f6af6b0db614f81d7e2d57407a9 |
| SHA256 | 06abae40b47e1b26b09789a84da1daecdf78ab97a162bc45e664edc1b814599d |
| SHA512 | 573027d600e5c6633bff1f5370f8ba21ec4df460863660df5711dee3060dcf7a6c312852a4df20af96815709b1ab6db68cec2d5db8c647fd5f1e13eed3ea148f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 57cfc3c546dbfae7f9bb96a22a79658a |
| SHA1 | 0c5ca38bcdc079b0280d5ca5c761e61239de8b3b |
| SHA256 | 8300188b223951d4421ccc199a2bba2aa141a6ecd84ad8c0c6b1dae5f5b428d6 |
| SHA512 | dc96f4db31bf74095d82f1c717bc734b68cecac8780e4314788238dee9ce5726d27a67d50f22745aa917c1d2352b1f868b1ac6455013c1d0d550a85d7a18d0e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0d291ea3bfaf9d8e882b1e38a33e371 |
| SHA1 | a02a9ae7950c364cdc61fab99279725f5f98d174 |
| SHA256 | 73a8a92d07600277e2d824ae230208d13eeaef633235b5361b3250f987e95e2b |
| SHA512 | 8efb56b2f8742bb4d021c29f0ac1ae48fe3cf112556465c08ecde73c2a298f96909b6fb8f5fb44a929cda68892a14835e01d1f1a6ccfd49919f6e6854e507ae4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0553e5c3a0a6fdab63c149cd19ee308a |
| SHA1 | 5a995a0d1aaaee83dea461434c1adcfbffc91031 |
| SHA256 | a235167874ea543a5f2a41ffa8d0a4b1341aaee5a59a3fdf977b75bb73dd9fb2 |
| SHA512 | a6d9f933c7bbf6c73571ea2a7ecdd803dca5ff15cf9af0664918252a7b46d1631c3a6b82ba54bfb4d15b3303bbee51150fdb4ab0ecd2f01678469bd96f6ae0e5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
148s
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5652 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4900 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 96.16.110.114:80 | | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | content.incapsula.com | udp |
| US | 149.126.74.200:445 | content.incapsula.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content.incapsula.com | udp |
| US | 8.8.8.8:53 | bpyhz.x.incapdns.net | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.74.126.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 149.126.74.200:139 | content.incapsula.com | tcp |
| US | 149.126.74.200:139 | bpyhz.x.incapdns.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| GB | 142.250.187.234:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.186:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 186.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.73.42.20.in-addr.arpa | udp |
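The Network table mixes four kinds of rows: DNS queries to 8.8.8.8, reverse (in-addr.arpa) lookups, a multicast mDNS packet, and the actual TCP connections. Most connections are Edge's own first-run traffic (SmartScreen, Bing, NEL reporting, edgestatic), but three rows stand out: TCP to 149.126.74.200 on ports 445 and 139, the SMB and NetBIOS session ports, for names under incapsula.com and incapdns.net. A browser rendering a page has no ordinary reason to open those ports, and the report does not show which process did it or what in the page triggered it, so they are a question for the pcap, not a finding. The script below is an added example, not part of the report: it parses rows in the table's own format (including the three rows whose domain cell is missing and whose protocol shifted a column left) and flags SMB/NetBIOS connections to internet-routable addresses. The sample rows are a subset copied from the table above.

```python
import ipaddress

# Rows copied from the Network table above (behavioral2, win10). Three rows reached the
# page with the domain cell missing and the protocol shifted one column to the left.
NETWORK_ROWS = """\
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| GB | 96.16.110.114:80 | tcp | |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 149.126.74.200:445 | content.incapsula.com | tcp |
| US | 149.126.74.200:139 | content.incapsula.com | tcp |
| US | 149.126.74.200:139 | bpyhz.x.incapdns.net | tcp |
| GB | 142.250.187.234:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
"""

SMB_PORTS = {139, 445}


def parse_rows(table: str) -> list:
    """Parse '| country | ip:port | domain | proto |' rows, repairing the shifted ones."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain in ("tcp", "udp"):
            # No domain was recorded, so the protocol landed in the domain column.
            domain, proto = "", domain
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row: dict) -> str:
    """Bucket a row by what it is, so DNS and sandbox reverse lookups do not drown connections."""
    addr = ipaddress.ip_address(row["ip"])
    if addr.is_multicast:
        return "multicast"                     # e.g. mDNS to 224.0.0.251:5353
    if row["proto"] == "udp" and row["port"] == 53:
        return "reverse_dns" if row["domain"].endswith(".in-addr.arpa") else "dns"
    if row["port"] in SMB_PORTS and addr.is_global:
        return "smb_netbios_to_internet"       # file-sharing ports to a routable host
    if row["port"] == 443:
        return "https"
    if row["port"] == 80:
        return "http"
    return "other"


def triage(table: str) -> dict:
    """Map each bucket to the (ip, port, domain) triples that fell into it, in table order."""
    summary = {}
    for row in parse_rows(table):
        summary.setdefault(classify(row), []).append((row["ip"], row["port"], row["domain"]))
    return summary


if __name__ == "__main__":
    for bucket, hits in triage(NETWORK_ROWS).items():
        print(f"{bucket}: {len(hits)}")
        if bucket == "smb_netbios_to_internet":
            for ip, port, domain in hits:
                print(f"  check: {ip}:{port} ({domain or 'no domain recorded'})")
```

Run over the full table the same way; the flagged bucket is where to start with the capture, because an outbound SMB session to an internet host can carry an NTLM authentication exchange, and whether one occurred is something only the pcap, not this table, can answer.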