Analysis Overview
SHA256
f6b61f7ce08fa883d591837a2bf238c24a0e6bb70ee3859a00b0de11d95df5d5
Threat Level: No (potentially) malicious behavior was detected
The file a4e98e345b689717fa3868a068013d3a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:45
Reported
2024-06-13 09:47
Platform
win7-20240508-en
Max time kernel
145s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433795" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9CF2BF51-2969-11EF-A5E3-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1632 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1632 wrote to memory of 3028 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1632 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:45
Reported
2024-06-13 09:47
Platform
win10v2004-20240611-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=2212,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=2076,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5352,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5360,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3844,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | bac2b.60fn.loan | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | ui.hub.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | china.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 8.8.8.8:53 | ui.b.toocle.com | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| CN | 222.73.8.88:80 | ui.b.toocle.com | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 52.123.242.9:443 | tcp | |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | 31.toocle.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| US | 8.8.8.8:53 | china.chemnet.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 180.235.65.12:80 | 31.toocle.com | tcp |
| CN | 222.73.8.48:80 | china.chemnet.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| BE | 2.17.107.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | img.album.toocle.com | udp |
| GB | 52.123.242.49:443 | tcp | |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| CN | 222.73.8.82:80 | img.album.toocle.com | tcp |
| US | 8.8.8.8:53 | 113.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| US | 8.8.8.8:53 | ui.s.toocle.com | udp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.88:80 | ui.s.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 222.73.8.91:80 | ui.hub.toocle.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| BE | 88.221.83.211:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 211.83.221.88.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |