Analysis Overview
SHA256
75b1c7487d8d185a5c9b4c6e421ed7492f7eec4423ceccbe30e7d64c533b980e
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-06-13 09:44 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-06-13 09:44 |
| Reported | 2024-06-13 09:47 |
| Platform | win7-20240221-en |
| Max time kernel | 136s |
| Max time network | 138s |
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9707DAD1-2969-11EF-83C2-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2520 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2520 wrote to memory of 2532 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-06-13 09:44 |
| Reported | 2024-06-13 09:47 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 145s |
| Max time network | 153s |
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3516,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5344,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5908,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6372,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
Network