Analysis Overview
SHA256
f8f694346a4750cef8ddbd6317634b94561246a950f1eafcb3a650464ea32141
Threat Level: No (potentially) malicious behavior was detected
The file a4e9ce1236386b599bbfdd895432352a_JaffaCakes118 (an .html document, see the command lines under Processes) was found to be: No (potentially) malicious behavior was detected. Every signature listed below was raised by the browser that rendered the file, not by a dropped or executed payload: on Windows 7 the Process column is always iexplore.exe or its tab process, and the WriteProcessMemory events are the IE frame process (PID 2212) writing into the tab process it launched with SCODEF:2212, which is how Internet Explorer's multi-process model works. On Windows 10 the file was opened by Edge and no signature fired at all. The part worth a second look is the Network sections: both detonations fetch page resources over plain HTTP from g-v-s.ru (31.31.196.244:80) and netdna.bootstrapcdn.com; everything else is browser and certificate-validation traffic.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:45
Reported
2024-06-13 09:47
Platform
win7-20231129-en
Max time kernel
144s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433793" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c3c1dec44dbe644bfa09d157ca8363a000000000200000000001066000000010000200000007ff3a3ba9e626a5be1a85ffbdd5b56d337a4a320d61769e9ba1edcc922855d96000000000e8000000002000020000000cfd2d94e21924a47e162e06f5f336eb01879842662da8e1f99ec6028148042762000000007423c0aab072c5bd4d8cb0f79fdf895e8cc9aad27304f89705cc0ea4294002140000000ee0ca2b2f3d66e43fc0a2a9035d15f55889af7b0556ee302a0de0df93b1969ec3f04ce02c1a57a4e5ce98af303b569982f543353c688e06e2ef2e157aedc0adc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8DBE941-2969-11EF-A140-5ABF6C2465D5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0034977e76bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c3c1dec44dbe644bfa09d157ca8363a00000000020000000000106600000001000020000000c248b464ea1f8f63463aec2fb8b93901b6b3469659ccba30fff534c4ccf46c8c000000000e800000000200002000000066245cda5a893a1f4b57903ab3d2f6f0f7b26338a72941fc3ee2fcf36aeac1bb90000000997fd9e532ef11aca0af8935c8bc6cff9af42bcfa69695394530ef935b9eb39f31e17256c6a0802be2a9cc5b7242794fcbf6cf47da98842650a7a13fed750920ed207e4b58674633b57cf2750726e0c4df7f0da03f2202358b91bba3079ceeec10eb4306c2620611514e956c160f94fc271ddae3cddafe49383e40ea89a26dabed8303a4a82b8aa4ada201b05df4ee5a400000000cec2fbe49547f606efaf3e551ff2ebaa1c42dfdde3b42a8167e2601ae5ffed2e0ef857ed9a310d67e2e1f672a216dac354105b34e1ea419da5f5d5676a0dd8b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2212 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2852 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e9ce1236386b599bbfdd895432352a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | g-v-s.ru | udp |
| US | 104.18.11.207:80 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.11.207:80 | netdna.bootstrapcdn.com | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| BE | 2.17.107.114:80 | www.bing.com | tcp |
| BE | 2.17.107.114:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1D02.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1FC5.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I5X74Z80\calendar-jos[1].css
| MD5 | 30b13c7d3757af92568b9a9ff71d6fdc |
| SHA1 | 3a8da636d6fc3961e6288206466e0481710e18a4 |
| SHA256 | d82d4c2940fb1fddb4c333b983687220ddcaec4889331c85d9c59aa9768cb892 |
| SHA512 | 7e562d8169100cf031157e130cb5458bd33c8ce5a40fcb28fda6bf526f3a867081e7ea7e4cd97e8749409368b34075c6e09fc51f91afc5d9860f1692ff48b08a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6GEBSAZ\calendar-setup[1].js
| MD5 | d4c32a6daf2305ca05758aa9bc063bda |
| SHA1 | d0d85408adefaf1f290b0fefbea30a77bc693f35 |
| SHA256 | 4b7eb3b4203469b16d3102f4d068b76a274a18958a10bd8219f222d81a9dd5ee |
| SHA512 | 19e68dbea5df4dc2ec9666e3bd57d818a2c07bdad8a2b4558e31f51a77e7712b08ed239ec86b426e804d19ec1ca04ef21f4ceba2e1a70ccccce2e873600d71a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92f6dcf020a57adeb22617b136e537a5 |
| SHA1 | 747804f03ea2ea5802e4228ffe84ab72724cfb2a |
| SHA256 | 609a1d485077cfb31c732f796fd1e22e3898fa6fcd4b5b741b0ac2083382e6d6 |
| SHA512 | 5bcc1bbe15a135df57ddf358d2105f2340b8dde2c4900434cac610d4cf652b41333ba04afce0525cc2d7b51c39e5993ab26294303d5f9eb4a1e84ea13953937d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 62fa3b3d261248c35f8cce1876992c16 |
| SHA1 | 17ddd41de2f2159e7aa197f26a24b1815b6726d4 |
| SHA256 | 711ff3ff6d8225915f41f4b1b0e3e34e2173dc684f2314a67881279bb34f5e50 |
| SHA512 | 0d6b55c096b1904dfa554f7226ff329557702e9ac74ae9cb141e9b914c66647cb95bf2cdfcb759be422e1ca41179463730078cb313b7b79ca5457ce21945e7c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 720b90a0d5b07eeed4052b03e4e56c24 |
| SHA1 | db571121bb5c9d69171de7427e5c93a9d27fb83e |
| SHA256 | 53b23d531c30323f7164f59ff83334ee6fa2f710810071882bf2fe2e31f68fa2 |
| SHA512 | 146a19c61606f41be52c51dd387ca3e4e4d940af2570c08ab898297a607367c50b19734351928b180ad6bfd26e55182d31d614e5139b30e63868e57a7ed2c416 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b4e6d69cf6d7acb64d69906a645f1b9 |
| SHA1 | c0fb981c49717312e38734fdcaf3dbcc7360837e |
| SHA256 | b3b1f36079f6a01420e4e8fcaf53edd3f18cf60a705a536fa4bd91ec78fe4cba |
| SHA512 | 2ca0e75eeee53c20ffc926906c20f69695ec7e3037dcb522ddefd86016d5afa3e707a1f75d8173652b5e0f415fe9d7fa677c218146c7938d4d2a59a783c949a2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0689a7511390bce5ea65ea9623ee8f5e |
| SHA1 | a3a0ed2cecde110fc576c0c5620d2bdc545a23d9 |
| SHA256 | ace0a12545a34c0d097d0f974c06daa9e810dabc202fddae786dbfbf40634d6f |
| SHA512 | eb36f9c85de4445b06fa3c7a6a260e0f7aeaa163ea23f90af9a381bebe495c5815bdf9ffcdfe861a4d155d30bbf4372ecd589aa8e6ae3fdf859c4242b3beaddc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ddf864d61b64a8bc6795ffee33c9958 |
| SHA1 | c44a04777c87afc00db042142db2727e490d7eae |
| SHA256 | 7e0c5e241789bdc7b03b3144899d62ec7bb30da323b4004fd0a0397cc5eea502 |
| SHA512 | d933eb85d64f13e892ac276d7801a5d0314bee9583a54e16bc0ef43f5a24ebde3623616e14dde50770d682f2c9bb8bfc152eb231fc1512a61ac54796c51d6619 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 611b2b2083d60b34bb18c53f202eed54 |
| SHA1 | fa9e514c309d46767cdd6f608707253dae6729fc |
| SHA256 | 1b9e84b84555b5c8fb8a2bbdc2cedf10ced650f0eb4325abed9081c7bbce7ede |
| SHA512 | d346f2bd0a84310384ee317f1ca2c146455684c930f56db70fbd0742b23e8172abb465bb5edc7ca16f820947626811091e02d2a9875fe55f0e6ebf3d44f3ef57 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90c7ba2a3a4b48f1cce4754251702453 |
| SHA1 | 6fac3787dcdb59f5c47d4cb90d3ec02f04c2b79c |
| SHA256 | a4cf904bd2f44a88c0b71a6a16844f26c6987d2f59a5faa7741357437bed1d9a |
| SHA512 | 1ae5457b5649bfb5fc9c7655db4c4721b4a6362c42a8b89d159bb3fac6e4f872bc29e91d09c310782a02202893e44f9800cb3e176c56bb144399d3b48b80fc60 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | bcccbae2b17ed092fab57a0f41a023f4 |
| SHA1 | bcb54eb3d517cd04afc6e4beb1c9368d4ecd5194 |
| SHA256 | a5b323b2b7221de9a5a47dee02d4f4463de07541f0013398526995d7339df9bd |
| SHA512 | 2662cbf7eea3d31e7e8b519de7d321503954bd956852f1c2869e7a71dc8cffe9f41f68bc652216d8ddfa8e8cca9c7a20f3be2b5e019d7b3a8d8742cb9dd5bef4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 056e87f2757e82adef7e587e92de6668 |
| SHA1 | ffb3f1f64e44dacde7e642a1110bf43ec27cff22 |
| SHA256 | 28b9a03c62155b7a19e14db71792ffe82503d5715078d56804d34c6af7666256 |
| SHA512 | 152da49b1f963d662d66e639ee1651bc068dc8621f5f688893564b73df0e11f38f75a7fb54fc0cb619589838adae211593f581ba41a35a9fdaf0f230e08dee8d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8266154f91cb26ee1f2afd214621457d |
| SHA1 | c0ffee7f7990b4ccb50367bdf875a2eb77730dff |
| SHA256 | a7be8478baf4857280484f614d414ccd01aa3fb5e99d7bdd160a1bc38c465f13 |
| SHA512 | f858e8954bd7f194befc5694276fccefc4f456f8b16f327558fce815f1d3b2554d29be4b570ec74d08715664ca9a4faf4cbbb21fa942812f87e91dd666a700fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9d2556534a3abbd14215a020bd9280b |
| SHA1 | 8488fd1945974e17a4c2dda439bdcb5005f4ef15 |
| SHA256 | 582b3ef9447714bff9505553798c50ce5bc05d8b808c426122a685df360cd39b |
| SHA512 | b67fd72bb998de6a20be22d2eb3319d536267d7899558d0a037cf598643e9ee5a50a5b25c00798a4bd6fd1b09b00c1a86736ef7d4678b8314bc398e6d63da5c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ad2e2b068956c34d6cb73ca0740dadb |
| SHA1 | dc9f874c6c305952ade7e3128e5b9fdad9fa1834 |
| SHA256 | f730b2f2cf0e9808c1a88f973d6b62fa27a43f31ddc03f3bc66449fd58dfabbd |
| SHA512 | 3f0e8d905346b15c4d8c54a17d09aca4c72e65a2bdbfa5b4651b679d31951ff89469cfc7f53378d6215bc29ef26752d418068a94d8517aaa13b116c6079df9e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b077a80065c032a98a4a5006e366efb5 |
| SHA1 | b259ecd75c981f65f561336154297bc2046197d0 |
| SHA256 | 720c16f6edb482f3e1cc7dd75ef9249b58b42eee417f880687e0f96537575ade |
| SHA512 | 5149d7acf865558997d2df2e3807a4d789331768497fde685cd836ddfb86d7050dd331c19c5a6e9af7a77cba612a71e4dc13dc0b1057d7e57227aa4c3e237fbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9775dca35bd21c80e98625bc79e346f |
| SHA1 | 4cf8fe5e04675111fb8f3c59c0f3edd6e5ebd32b |
| SHA256 | 0cf2a4a7b945728ab7426b31c1f5eb6d788a0801b03106f398f3dffcf2e86661 |
| SHA512 | 16eaa91430b127b58dcb4dd80c614a05dde47e44024ec6dee77fd1fa7155e5947b6c5cf6974554d2f3d369304074922b717fc9b4487ad025660c6e56ea58c1e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | df74cc7bf82b21a1cbd0c00ea44be49d |
| SHA1 | 75bd1a8c61488cacadbf353eeba5d70d3829c64b |
| SHA256 | 627942d8f02379cf65c21ecaeee021edc55b97666e4bc6a539b8a941dae1b722 |
| SHA512 | 35e0d8eb8439900e062ae19ff20883416257eedb3b7dc61d46eb3f2f3d5f95db7ce6202882a8717ec89e048a2e12bc99d140deb420fdc08218d406938eaf6a8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68064ed6121ee49249f1b25ac55bf3b0 |
| SHA1 | e530f01ec74890c329885493731f05c189999bcf |
| SHA256 | e85a65a9b934036750543ced2866e561a757892043cba3d3e4c9251689e6153e |
| SHA512 | 523f1d95721bc0b761ffb3003f70d18abb31e3a1f579405593f28884d20797aad7c77202748a187dd54dc3d2edf7f03d35c7d214e587b19b83b4ce2c032c5cf3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ffd6d3b56671ab30aab159e9514bf7ea |
| SHA1 | 7f7cb38d94ee4ac0f049fbbdf5fba09bb17f1ad4 |
| SHA256 | c9b142033ceb513ed7d75027dfae3a0c4c5ef3eddb56900f6ce66c3bd7afdb2b |
| SHA512 | d03ec7ffb2d37b9fff8ef14d6b7445a8df3e2be0412f3b5ec3342615147c51da8f06a562b2ea9622875398620efe94dd8df17a77395e776abdc93e83f94cc472 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74f0364988d543ffb127c9fc0092ecc3 |
| SHA1 | 3aa0f522d238eb647a48ad587e20a56de133362c |
| SHA256 | 1e45ed6298a4d5114e77c4d29d9f55dd7d3eb1cb02c8e50459c0dd666c4a24a1 |
| SHA512 | 11c78898dbaa0cc42793d1d48eb208215ac9e69820a6977c9543365ad45bfb61dd0828917002dd3262e443fa0e47058bcc42abb7d463194c070aff0d516c252e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 860b4a6151118c1d8dddcabae2e95bef |
| SHA1 | 8f1821f6e7df0897f016af1bb5467bde053d5afe |
| SHA256 | 61ee7d4ef5e9efce1afef0e65f7e88ec1bbd51795f7f7933891d72e202e5a8fe |
| SHA512 | 32dea6e74dd0278ebd355f1e3dcbe9447a4500928d743fbf37328fad675e1b1fce6516b23c1a22646b45f4cb6e9f5677a889f3d44826d73ac29154fe1a6b74ef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abe560c31022eb0bc92d0d68adbbe13e |
| SHA1 | 6054e0ad680e8edc3e24d40bbd02d0b298bb5db6 |
| SHA256 | 8c010a8a22600700823b70f96f23370ba613c2a911336927b4b0b470ab3eb18c |
| SHA512 | 39807efeed74fffa5c8ae8d62e2e6799d59fce6757f2084cb4d1223800adfa53167adb79d4e600bc72b0adf69b319832f4766361475462ac4d129613a193a0c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de2a95ad1516c3cbc696ca36cfcc8a62 |
| SHA1 | 66ad785ee1849d50053119cc7b74e21e79b770e4 |
| SHA256 | 258ff7552c44d385048c37c2eb672e3394a7c430571f726511225937f0700f38 |
| SHA512 | 505abb225afebac0adab8b15c72c56d0f3ef0ff530c3b70f71fa98c5d1b2c4c8d1cdd8f3dc12b1d306b59d20e39b8731c3088a1826563d79cab961cd76bd109d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:45
Reported
2024-06-13 09:48
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e9ce1236386b599bbfdd895432352a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5060 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5056 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5988 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3788 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5420 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | g-v-s.ru | udp |
| US | 8.8.8.8:53 | g-v-s.ru | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | netdna.bootstrapcdn.com | udp |
| US | 104.18.10.207:443 | netdna.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 244.196.31.31.in-addr.arpa | udp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 104.18.10.207:443 | netdna.bootstrapcdn.com | udp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| BE | 2.17.107.120:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 120.107.17.2.in-addr.arpa | udp |
| NL | 52.142.223.178:80 | | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| BE | 88.221.83.225:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 225.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
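Both Network tables (behavioral1 and behavioral2) mix three kinds of traffic: the sandbox's own reverse DNS lookups (the in-addr.arpa rows), browser telemetry and certificate checks, and the fetches the page triggered. The script below, added here as an example and not something the sandbox provides, parses rows in the markdown form used above, tolerates rows whose Domain cell is empty (the report sometimes shifts the remaining cells left, sometimes leaves the cell blank), buckets each destination, and returns the list an analyst should look at first: plaintext HTTP fetches from hosts outside a browser allow-list, plus flows with no domain attributed. SAMPLE_ROWS is a constructed subset of the rows above; the BROWSER_SUFFIXES allow-list and the category names are this example's own assumptions.

```python
"""Triage helper for a sandbox report's Network tables (added example, not
part of the report). SAMPLE_ROWS is a constructed subset of the report's rows;
BROWSER_SUFFIXES and the category names are assumptions for illustration."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class NetEvent(NamedTuple):
    country: str
    ip: str
    port: int
    domain: Optional[str]   # None when the report left the Domain cell empty
    proto: str


# Constructed subset of the report's Network rows. The last two rows show the
# shape the report uses when Domain is empty: the remaining cells shift left.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g-v-s.ru | udp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| RU | 31.31.196.244:80 | g-v-s.ru | tcp |
| US | 104.18.11.207:80 | netdna.bootstrapcdn.com | tcp |
| US | 104.18.10.207:443 | netdna.bootstrapcdn.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 244.196.31.31.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
"""

# Hosts the browser contacts on its own (assumption: extend for your fleet).
BROWSER_SUFFIXES = (".microsoft.com", ".bing.com", "pki.goog",
                    ".nelreports.net", ".azureedge.net")

_DEST = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_row(line: str) -> Optional[NetEvent]:
    """Parse one markdown row; return None for the header, blanks and junk."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Country":
        return None
    country, dest, col3, col4 = cells
    m = _DEST.match(dest)
    if not m:
        return None
    if col3 in ("tcp", "udp") and col4 == "":
        domain, proto = None, col3            # shifted row: Domain missing
    else:
        domain, proto = (col3 or None), col4  # normal row (Domain may be blank)
    return NetEvent(country, m.group(1), int(m.group(2)), domain, proto)


def classify(ev: NetEvent) -> str:
    """Bucket an event so page-driven traffic stands out from browser noise."""
    if ev.port == 53 and ev.proto == "udp":
        if ev.domain and ev.domain.endswith(".in-addr.arpa"):
            return "dns-ptr"            # sandbox reverse lookups, not the sample
        return "dns"
    if ev.ip.startswith("224."):
        return "local-multicast"        # mDNS and similar link-local chatter
    if ev.domain is None:
        return "unattributed"           # resolve from the pcap before judging
    if ev.domain.endswith(BROWSER_SUFFIXES):
        return "browser-telemetry"
    if ev.proto == "tcp" and ev.port == 80:
        return "content-plaintext"      # page resources fetched over HTTP
    return "content"


def summarise(table: str) -> Dict[str, Dict[str, int]]:
    """Return {category: {"<domain> <ip>:<port>/<proto>": hit count}}."""
    out: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for line in table.splitlines():
        ev = parse_row(line)
        if ev is None:
            continue
        key = f"{ev.domain or '-'} {ev.ip}:{ev.port}/{ev.proto}"
        out[classify(ev)][key] += 1
    return {cat: dict(hits) for cat, hits in out.items()}


def review_findings(table: str) -> List[str]:
    """Destinations to look at first: plaintext content fetches from hosts
    outside the allow-list, plus flows the report could not attribute."""
    s = summarise(table)
    keys = list(s.get("content-plaintext", {})) + list(s.get("unattributed", {}))
    return sorted(keys)


if __name__ == "__main__":
    for cat, hits in summarise(SAMPLE_ROWS).items():
        print(cat)
        for key, n in sorted(hits.items()):
            print(f"  {n:3d}  {key}")
    print("review:", review_findings(SAMPLE_ROWS))
```

Against the full tables this leaves g-v-s.ru at 31.31.196.244:80 (hit many times in both detonations) and the two plaintext netdna.bootstrapcdn.com fetches as the page-driven traffic, with the unattributed port-80 flows to 96.16.110.114 and 52.142.223.178 to be resolved from the capture; everything on 443 to Microsoft, Bing or pki.goog is the browser and CryptoAPI at work.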