Analysis Overview
SHA256
0f2a5faeece22d833731079fac7fb7cffb6a7fd26b9248579668a6475c40989a
Threat Level: No (potentially) malicious behavior was detected
The file a4ef961c8d1947b6b4de1d44de718df3_JaffaCakes118 (an HTML document, opened in a browser in both detonations) was found to show no (potentially) malicious behavior. The four signatures listed below were all raised by the browser's own processes (iexplore.exe and the IEXPLORE.EXE tab process it spawns); no process other than the browser appears in either detonation.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:50
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:53
Platform
win7-20240221-en
Max time kernel
119s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{649CDA41-296A-11EF-8356-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000de4b8e189a88eb4ea2da42753d62256c0000000002000000000010660000000100002000000017a38437fd6400c6f6c22c95d0e972a675070282c1c36eab2504f26cefb94e2a000000000e8000000002000020000000a0449b7a60df0427a071d6cd9d48934abebddaa4879b556b79a426219f80689720000000d952cefd811e4ed4b93fc010f3c7618355cf8bf71b3ec5a9febdfdf9324bbde64000000059df0c2c54b9162f7635684c400f8b04a9fb067e960fe589725261e42addd24f621ad3e01d4205f996f843bc2c206fc317a34a1ba71ddf0f7d06b6367c4b8d05 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f26c3977bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434108" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2972 wrote to memory of 2552 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4ef961c8d1947b6b4de1d44de718df3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
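The question a practitioner asks of the three "Suspicious use of ..." signatures above is whether they are explained by the browser itself. The following is an added triage example, not part of the report; it re-encodes a few rows from the tables above as constructed inline data and checks the WriteProcessMemory hits against the process list. It assumes (as the example's own reading of the command line, not something the report states) that the `SCODEF:<n>` argument of the 32-bit IEXPLORE.EXE tab process names the PID of the iexplore.exe frame process that launched it, so a write from that frame PID into that tab is expected browser set-up rather than sample activity. The `BROWSER_TELEMETRY` set used to separate the page's own network contacts from the browser's is likewise the example's assumption.

```python
"""Triage helper for a sandbox report of an HTML sample opened in IE.

Added example, not code from the original report. Rows below are copied
from the report's tables as constructed inline data so the script runs
offline. The SCODEF:<parent pid> reading of the tab-process command line
and the BROWSER_TELEMETRY list are assumptions of this example.
"""
import re

# Both IE binaries seen in the report (64-bit frame, 32-bit tab), lower-cased.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# "Suspicious use of WriteProcessMemory" rows: (description, process, target).
WPM_ROWS = [
    ("PID 2972 wrote to memory of 2552",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# "Processes" section: image path -> command line (copied from the report).
PROCESS_CMDLINES = {
    r"C:\Program Files\Internet Explorer\iexplore.exe":
        r'"C:\Program Files\Internet Explorer\iexplore.exe" '
        r"C:\Users\Admin\AppData\Local\Temp\a4ef961c8d1947b6b4de1d44de718df3_JaffaCakes118.html",
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE":
        r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2',
}

# A few "Network" rows: (country, destination, domain, proto).
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "www.embracingchaos.com", "udp"),
    ("US", "13.248.169.48:80", "www.embracingchaos.com", "tcp"),
    ("GB", "216.58.213.14:80", "www.google-analytics.com", "tcp"),
    ("US", "204.79.197.200:443", "ieonline.microsoft.com", "tcp"),
]

# Assumption: endpoints IE contacts on its own, independent of page content.
BROWSER_TELEMETRY = {"ieonline.microsoft.com"}

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def is_ie(path):
    return path.lower() in IE_BINARIES


def classify_wpm(description, source, target, cmdlines):
    """Return 'browser-internal' if the write is the IE frame process
    setting up the tab process it launched (SCODEF == source PID),
    otherwise 'review' so an analyst looks at it by hand."""
    m = WPM_RE.search(description)
    if not m or not (is_ie(source) and is_ie(target)):
        return "review"
    src_pid = int(m.group(1))
    s = SCODEF_RE.search(cmdlines.get(target, ""))
    if s and int(s.group(1)) == src_pid:
        return "browser-internal"
    return "review"


def triage(rows, cmdlines):
    """Count WriteProcessMemory rows per bucket."""
    counts = {"browser-internal": 0, "review": 0}
    for desc, src, tgt in rows:
        counts[classify_wpm(desc, src, tgt, cmdlines)] += 1
    return counts


def sample_contacts(rows, noise=BROWSER_TELEMETRY):
    """Domains the detonation contacted that are not known browser noise,
    i.e. the ones attributable to the HTML page's own content."""
    return sorted({dom for _, _, dom, _ in rows if dom and dom not in noise})


if __name__ == "__main__":
    print(triage(WPM_ROWS, PROCESS_CMDLINES))
    print(sample_contacts(NETWORK_ROWS))
```

With the report's rows every WriteProcessMemory hit lands in the browser-internal bucket, because the only target is the tab process whose command line carries `SCODEF:2972`, the same PID as the writing frame process; a write into any other image, or into a tab whose SCODEF did not match, stays in the review bucket. The network check leaves www.embracingchaos.com and www.google-analytics.com as the contacts caused by the page itself.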
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| US | 13.248.169.48:80 | www.embracingchaos.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDQW9R5V\suckerfish[1].htm
| MD5 | e89f75f918dbdcee28604d4e09dd71d7 |
| SHA1 | f9d9055e9878723a12063b47d4a1a5f58c3eb1e9 |
| SHA256 | 6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023 |
| SHA512 | 8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\wp-emoji-release.min[1].htm
| MD5 | 6d282db8a2eb7e90ba167f313618d5a3 |
| SHA1 | 5417a9d0f2a8163d5b22e33b3b30930a3ccbcfc6 |
| SHA256 | 7ce2010ebefb7068cdfa597ee15c053c9149468593338b67389254656a08de9f |
| SHA512 | fa72ab6960db52e76bbbd453d4aec5ab30aa465fe8a36a0f7f673272eb81094afabf094300f3f9cd5919d4b40c2c89117dcbd2dcfe09435336a03ad74d7744a2 |
C:\Users\Admin\AppData\Local\Temp\Cab2752.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2843.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e10d75d0c5a434b6bb13296d42f9976c |
| SHA1 | 3b9bb9f370edeb7c6f6d1ce6aa7470503e69b770 |
| SHA256 | 07f2fffb66d216d4e8f759ae4ab10fa0d9483eba260a97d361af4a3974bcbfdb |
| SHA512 | 9ad1f3260c6cf88028794e44f1cf8950f1faf34ee9fec021a71eaa06ec0846fea82f425b1d6742dfcf8a9664e00f15387d0d8a9e92c6e97a0afe874b2036010f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c6caaf7c47a0c66b5516406471ed917 |
| SHA1 | 8b3e2690ea19e70e52e55876819d5366236a0492 |
| SHA256 | 334a81606da54fc12caef5a810f79486d510159d0d004a3541c36400349dd3e7 |
| SHA512 | 180f8cb9e42a73d7ec4f1582816c8168535348213cae13723c6bc6ee5313c34c1c4e95acef07d8c3634fd32040213f8fed39be484f357a0768e7c3fd1fe83d7d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8db1749d98c86bba971d49bc0fdb08e |
| SHA1 | 8a99034caad9157894d61ca664edb9f1c5de13e1 |
| SHA256 | 839a7c1e8f10cbfd619a08fadddf340ff2382a0c6a8bf0713214cb953d5fe76a |
| SHA512 | 76f26d685339065116924bec242422d8f31d4520e662b3858b804f82da8a02064ba49035fd20eeb92de5dff08be47a3921ec00230ebb6e2f59aa8e4fa4bbabde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de52460032c184399005dd88b3e4eacf |
| SHA1 | a401d1c1bb79e6dcf0b7c60f1ec0d91e48271ea3 |
| SHA256 | 09f2729c8c6dc442c97d78c88fc95b166e998c8474681af467287d00ff9452c6 |
| SHA512 | bf41f1e261377faa7a01bc301198360906ef49428ecf34567c40a32928b6e3281a3d0e8ed05aa952f7f096cb00f0c015040e2601c6efe4d1ec1c51fe73e1784d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16484b11a2626293e7e15b745d5acd42 |
| SHA1 | 38b720bb2b24f710ddbe7957464c6b5859923fad |
| SHA256 | ec0ab27fe3289b132474a3e125fa5c5e37d5de56af3b570a0d8a24e315ecfc74 |
| SHA512 | 5a5adf1c0bf8c6a3f88be4f676ce69bf9d15b0b30a314efc1befb5877d9bc5c2a211c1d028e32d4b0adaf38449d734569ec3493d72a07c7a7c1a92eb36ee90c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38c22c77b4d357e4d224f4d98774f314 |
| SHA1 | 724921d2e1aa328f26bba8ba9c540487494165c5 |
| SHA256 | 63a68c2f10adc4770f50c83c55053819177c7a3eabe194f3f09a25f034fc7e3a |
| SHA512 | fa50fc1584a1271fa3d7710dfc3bf0c116df2f505d757c00c25f03cee546efeeb12e7aac97304df7c71084119f2ef4b4d0084f264145746903cc24dc664fafa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 486ba45b03a3c6ec6395d4a846c82203 |
| SHA1 | 157db572df1bd0f11ee07301725a15128ae6ecb9 |
| SHA256 | a6dd79a72151209d6a64675460e871ead985273afc0aa91f03f1acd90fea5442 |
| SHA512 | 0fcc9c4a085ae1001290a4bd54405400dd3fb27b3d36355fe88f68e4307a48b329be1d0b45ddc595d81adb04af794289836d13f885f1c0981a458da7448f94fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bdfb7fa6092c5c618528c88cffed6af9 |
| SHA1 | 31a4622e484037542c34d9f18768926bdc468a9f |
| SHA256 | 4c2aa4c7ac8e912d7b5ec53b37d87b422de0052393314bea70621414d879ae9a |
| SHA512 | f607503626dcb102ff677621ba02f42266b054cd499ab5fcc51b909f4c71e6c1ad7450ad013685241ec87a7af2bba8b721e5cfba8c722ef110d9fe5939a88d5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4bf604586a694014006cb88b47d443f8 |
| SHA1 | 47ebec765fb6a1cd5afe20c67d431afe34cd1430 |
| SHA256 | 8a2d2bc7b4ab6db24868fcee4ce193b78734a65ca00060dd8adbcd5c0eaa173d |
| SHA512 | ec7c1245e7c1995284d3c96a8b62988e2e0b95262d5db01eb6ac581c0891937400b5bc38d4bd861d38622a670a8ece760cbad7291df1e665bf00f59e10fd785e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3d843c95813f70c0a626a22e6af1319e |
| SHA1 | a08d94c5add33f349c02328cf0cc3f0016101a9e |
| SHA256 | 963d288f1e4aff9a574774c437b1d6b27d47b2bc4fef0160775baf8896423ba6 |
| SHA512 | de269f94304c1ad61852e225af382baec900295fc1b269de1103fc76fb2dc03b2a57d17ae1b70429f76254a3bf4f1c27431f2903b8ed9e90aa2c5cefbab97490 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e041259d9819ebac2541ba44d29353da |
| SHA1 | 8c52ec66082fcc364c1348445dcc4be7608fccc8 |
| SHA256 | 14105cdadf9a8cbdcd3b82f16d1eae7db404abed8d3ea1c0bd5a3e29bf346b09 |
| SHA512 | ec4ea1178d808fa7da24b0ec9bdf3fbd75f5a5ca9a5cc8ecb78638799ba624a99d67fbb4243f3ade7e6e28acba514df1a56ea34c40615e8645b0db0f27699a09 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6266746cf8519c782c119180fc81b4be |
| SHA1 | ba59fa4aefb5b4eef4f26b55807bb433e0d7d8b7 |
| SHA256 | dde2965e6f8a592553e24733615e915d047188c5b57c8ffb99b908d59f0aed24 |
| SHA512 | f2e7802ccad5be0652b581f2f632279ce47cf1d992aa7e5169dd7bc817e711e995570ea59bbafa5a4feaca485896f0e5a0715a313e328483ebe36beb27fd427d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c690b65bd4a4d6808bf073a3b2918f98 |
| SHA1 | 89b132e05fc41a27565df4e835278cd013809a69 |
| SHA256 | 575fd7368ca2bb9e64e00e92aa0f0f2e6923967a088a06faf419fa0539fb392f |
| SHA512 | 9ae3486c49860f3bea0549a85a9e54d2ca84ad45faf163e9ff9f714568c573daff4656a40b9ff02afe1d71b591e539a803fc9372986129a56c7669389e98b867 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 349437839ae41002910266afe64cf63b |
| SHA1 | dadf9b672aff89ae2cab35b939d287ff3070bd4e |
| SHA256 | d7afb8f5f7e0d559c0be6bc875952f8f81ea79240c3af5283bcbedc83ee1ead9 |
| SHA512 | ecac0eba6ce63c0718519e1e1dbb89e7473def3142d4f973fcbb02deb9398540d54e76679c27d0fe56730287dc1968fc5f3a474f0573906c6207ccb15b44c6ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aface5e04186884c97b6d452182e7e37 |
| SHA1 | 2e0abc8c205e494168cdac97c9d9062f12481678 |
| SHA256 | 717bb8d94ad90020c13fef93af565df70812f0c0b396a353684afcd1474460d2 |
| SHA512 | 3eaa67dd89db620f01b58e33cb318b02054bc15ca8ca9462da7b0f608e058d989f3879fe3632bc67bf0b47dcbec13c9905c3399bd27d4e09fd165021439b1aa3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 13e7c37621f1a43f7c2a36f8ef2bbfab |
| SHA1 | 94d220519ead43c9ebc9a7bcd06230d7b8f919b4 |
| SHA256 | 4a99f07a3cd7a1913d4e9afd4fadf950771e3f3e1b5a6779da24c6d30d5ef8ab |
| SHA512 | dbec4995d63004ef5653d9b61ad72daefd7cd1db41c20535f74fd794b9ce189c5a1a4f8f8825db81f1b367d7bb056cd465d5b209718a57a4f0fda7b931566e73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ee55a764796c0fa602d9fa20bcc519e1 |
| SHA1 | 93dc1f9bd0ed978ac353d2f6dd70a241663c0ecd |
| SHA256 | 32be97c61a4f0ae3f56eaba642fa05af9a0b70b8bb53a62c6ac36f84227ca781 |
| SHA512 | 519d85534197a68b483b88a5f4446963a2303af6b1871bd7e13f2c01d9bf288ed1332d2a58ce2c2d7b5a2a25b662c5d014bf80810c8347ab8d3d19a10ebe9008 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e9e4614bb9d2f375f10d047fcb99c81 |
| SHA1 | 3cd573cf2ab2b4a4425f5baa01100a1e231b6bc0 |
| SHA256 | febe47cb7ba697513c14d40a2fb659b27e92c9a7e0fb0b7c9b84da9fffde12d1 |
| SHA512 | 6d5a38b8ea590b9fe78091a482b7c59826b28de0739884c04182309ad1fd157fdd77d9e43c153b003b91f595bce6788adc84295a1090463100e425cb0e32b38e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e4c2a751fb5f13cfe9f23399a09e33a |
| SHA1 | 6189bc05ddca6561deaed3419f2561551bf5f28e |
| SHA256 | 077689a75bb607e357c5ce3aac7c32f93dc97193f7726d11d35d247a7d383be9 |
| SHA512 | 75a5551a52a68e5ef8b200306d17552f2a04bd11d797d94cf02d9015e5219d806d7df20705421f467862377749696d6f705319090df1448520e28cfafb0d6d76 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:50
Reported
2024-06-13 09:53
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4ef961c8d1947b6b4de1d44de718df3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4520,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=756,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4676,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5460,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5488,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5820,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5464,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.embracingchaos.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |