Analysis Overview
SHA256
d1fd400b04d1b7f1a70e09d57e98fe89ff58d8970fe7e4313b4bf93b01128474
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:43
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win7-20240220-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c24c05cfe4d3a4f83979171b6b2c8a5000000000200000000001066000000010000200000008e355ab57c1a2082b48b118bdd168816349044db14438cb731e45f10dae309a4000000000e80000000020000200000001d72203b070b1cde490ffc13cbe78accb108784c1fe3ed26383cdc6618c707d520000000dd53c40b998a7d937d76815e2afa80ba0bd969d69f71e889f97c882d07807bdc4000000011ad865029e593ea10ce3906f6675382e8ad7383c5a12affbc93fa24e14fc5b4ea72226b2226545d86527bc3ef5524b106e2d1cd32227bd8ad6e0d11da5d6cc6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d8183d76bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433685" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6878D931-2969-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2468 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2468 wrote to memory of 2656 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:43
Reported
2024-06-13 09:46
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
142s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1876,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=760,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5284,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5436,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5288,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=7028,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
Network