Analysis Overview
SHA256
6bcb119bfad2b56d90c8ad6f36b3ab25eacaf67c3f1253a5c4de3415558e1bff
Threat Level: No (potentially) malicious behavior was detected
The file a4eec88bcdfadbea342524232ca2c824_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win7-20240611-en
Max time kernel
142s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006f3be8f3401ec934472572bda8270e4d1dbd078d44cb2c8771cdcfae9d9c7192000000000e8000000002000020000000aee5244710a74161e93d44a2ba863ec59f0a22bad7c2ddcc8e70fa7d76370c6120000000daf181c716b992cdbaf86458c105caaf93c036901c5cf38a0cef4af8f4d829da40000000409b9d745a932a459f9f72f73e60bc60714411423686c1e070c2053eee62cf5a0d28771b5b23408e1e36927dcd4af0467476746a65b6fac38ffa1c78ed1ae039 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{458FC951-296A-11EF-8A4F-62EADBC3072C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00c8565c77bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434059" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009582d3a367e0f7f15d31e874c0f5b927c0506f9b56152b57ec3c5f8f5ea557a4000000000e8000000002000020000000e776e06446ada56dec5199d98031fce6202975c4139a089f076307fb0b59093d90000000d265b6bca34bcd72b473fe0039381404b974e83380eb7a31aa605875252fad5149673ef096fb893343500b1f216965ed71fc5e8818e2019e6eca975ba3eaaeb671ca420a91ee4e7207645b4fa15676e839f6eb5d4e22d3d672ccc679e46820f392d8fd8744fc275ee780e46bedbd2cf2183ca1d35020cc4c6d97abac6241576232c536fe2329a97464e646e2aa9c44fe40000000530e85f46b592ca376c86a466e5212587816629319338f5735e805063a881092b2885229a537f9926cddea28e3adfd716006f73faa989d1507e0f6d66371c04e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2196 wrote to memory of 1844 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eec88bcdfadbea342524232ca2c824_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2196 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | fu7ci.filll.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab7957.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar7A05.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00804e38539ac8f3e84717f1debf35a9 |
| SHA1 | bb8d156a9c1cd17ae7745d27ace452c6b298b93f |
| SHA256 | 575b990693ee2df762bfd06e70243f80ea3dff3576294775aee805c2938551c7 |
| SHA512 | f1cf8c4faade566cb4e530429942e14685d21b1e3860dd7543cd06c20be6f043f91a32a9621eab23ce28864558e2cb53f6966aaf2a09add187fc10d142279809 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 502a86a55c0bd6d6f31298f658e076a0 |
| SHA1 | 61cb058a48ded5d8940240e832bca33d1151b6fc |
| SHA256 | 4c4aa94cf3c8bc1c12ec6358b0a0da2871106e4f6116621d1c63b74ac82f305e |
| SHA512 | 312c178093be9381800d1dcd1eab410532b884f268f0b293cff56956976b03a50fa080a4eb683302e2314b34a1b80567bf9d08ae331b5df90efeaec5e66c4584 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c6d5e41f89d54c3f73783113f0ef018 |
| SHA1 | 3add35f5e7d4e8e2c32701999eea874b9eec9c81 |
| SHA256 | 78bb635452cbb7176c38cda69cfff4c00d231f4056174774ac664795ac84a2be |
| SHA512 | 6a8b49afa790bcec92cf4cacc2de8192f3b42a2f086986c7148ce709b0769c8661af26339e186c210ecdce149a3f35ea2ab061f645bece8aad6a72ab0f987c22 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0c4ea570f8b00078ce9fe942f630c2db |
| SHA1 | 7968c6872a66d6c66459f1bd21e434cc7fe7f285 |
| SHA256 | f9b1bfebcd0fdf5ecc4c12676bccb94f7ed217e643651cd2eaafeba3ff4c66dc |
| SHA512 | fde9a8d705993a7c1548c87d3991ec2002acfcb9a595a60961ae80685ab74bbcfd0e66e1fd47297e506fbd0ae736a3e2867a594804225b2f15e5c2b90031e7a9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d4093a187ea7109a2803994a80b1e6e |
| SHA1 | 6a701d55575262a6659d87a86d49fc40998de7e0 |
| SHA256 | d482ba8e5f6f01b6e7c7b872af29bca9ec594d4b3bc00a292e34b5c23ef2ef79 |
| SHA512 | 9b04398a236fa85631698b13b903d1e311d910d2fe0a3249e33866911ddad6fb0e5e09ba0060921644effbdc44000b2d6b60ec066139f6951ff583943e56d3a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbfe08c45ef1b555c158d3c031fa506b |
| SHA1 | 942e48ba63acb5bfe1cd2089ac1600c272723deb |
| SHA256 | 267fb40176e8a8083f5fa37c56af6b2fc57edbbe6d058c51c0d89832997e987f |
| SHA512 | d408d35b7710b687eb229df5d73be4470159a9d410e1e69e9441639edb3fb27bac3cec75c001acaabadc108603e95e9552ff851b63cd36ff30194e26f9afb859 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 87105b477152c17437319a2291a65b38 |
| SHA1 | a8610632ed818a6de708cbb4a6e62bb6d1e57825 |
| SHA256 | 4a6386d20b055a28c97fda358b7661d1cdd79ee847d7b42852bc82f0fb29857a |
| SHA512 | dcfa2825307e948b69fc56cd8c07677e148be01b3d10d67399af6d9f4cd2600f4d2c06e49f10223d8a7f164ee8f60fe1c20ae05bb8a392fa45d6fc2e26ad9354 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72ebadef24221049bef49500772e030d |
| SHA1 | f2b6a3b9ca1db69a6575a669490c3a7e6a7b78c2 |
| SHA256 | 6d9e43d773c775ceef9c842037d91dc39975d5323c6639ef6c0474a87361912b |
| SHA512 | d50b0a593f4a64fc9cc3a538ae423e841c72505fb06b4e0a9d95776391ed0ea3be9f14cfb76e0a6d698b97b493a8f18bd243bcad332c9eee7be283d555ac3685 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c7371faaf80ee7d5a443c55a62a05e0c |
| SHA1 | 5521f4ff78f83ff631f458ca66384df8371d84fe |
| SHA256 | b5bb2feec2ec6b0d5cc3c4177e00ac57a66acda771aa9150aeac91da2d690350 |
| SHA512 | f6c236b161e80eb3e6b69cd9f9caab388f28e5a1747a512ed0c12f687be25139b4533df7646b00630ce2c884f1210828beb2dd087b675b6edc382c51b1979e65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9aed8406c2d1f586d9aad1e7b14e51d |
| SHA1 | a1c73db11e85da779db834c1983e342e482f7ffd |
| SHA256 | 298c2483a6b65999f6a4516db4625def6ce09324f27146025cf851b86f94febc |
| SHA512 | e85a75fe6fe071004e78d5972ea0774cd35560c21856d05014668263197bce14ea38c14afee056fee77317f908565ffc41e06816bf4d682e8c4c5d9f601f7a69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | deaab98e49f42fa3a1dc380e24844031 |
| SHA1 | 874bafd2b5662a5237c3a0dd42310ed65ea5606b |
| SHA256 | 96d74e041dd6f74e19953493b46e744a11cc8b1f962e9c6651a430f557f10893 |
| SHA512 | 35cc50d2e76ef7f1d9022ebdedcb1a1c76846c0cb70295a26939afae88b1b7b7f822755902258d377a19e469d09f37888c36ca1e88a4be4fefd890adbcb13acd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 156f1836af52daa03f31bc2e441a6e5f |
| SHA1 | 73ad0c6490c72ca3d0058df8a57e1a78b09c9752 |
| SHA256 | 2b5d139136449867761b883f671579ea08fc02fea13b5a7ba8202faed8cd801f |
| SHA512 | 2204ba50c2179a4cce7a433cce91f1081ae2b02ec11c7aad0f97922e19699876ab0315ee56517ff8dcdf752b0ffd88f32e2970f8b15b3e3acb02f17879cb08c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 787b80756c92a107b1dbc0bef2d88c78 |
| SHA1 | fe4eb915e716daa58857b6fe41ffc504e3afa5cf |
| SHA256 | cdfb29f579277d48bc71a5a5d80acd9ea4c3588a9457dadbc58712e84df21b93 |
| SHA512 | cedecaf586effa82bef85aa282b8c758f1e9f201f27d526f84fe59dd53da49fb57436db92e9fdc38366046d0bafb936be027e58234f6d734587aa8a673c5f3a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b27d0de3a2a645d63cc53807c0fd9151 |
| SHA1 | 7c345ad3efa60eb5680451b8b8795b45eb996f96 |
| SHA256 | ce2416388e68de4c8dd6c995c1bef22fe2b2f41d06a64d72789605e165c4da50 |
| SHA512 | 0c53be06a555902013feff574a3371552a2a162475b0c63131921fdab1d809fa397fa8b1d333106e8bb78af2e539f9b12fdd8e5d42c949d84ccbb382a419e572 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8641d9e436b315749e65e45cf5f7b0fd |
| SHA1 | a009f27ce07c6fa16d48711ffe51c3363bd2a637 |
| SHA256 | 5374f31b93c4a9a9603cb017b434aef471721bee40ff67d9a990bdf5a6755766 |
| SHA512 | bd2c95f1641eac5dba71322339441a7468717507da6e8386cdcfe6e363e3ca1962fd1b24a1faec71cd1309ce10401c86c983d84062b0b74918333bd810c8f3d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b501841c08d49b5ba68f82c9d43a279c |
| SHA1 | c06f52ba9708f5446f044142315f6ba46097d51d |
| SHA256 | a10da0b8700fede7581b980df421dbb3d6f6def8850bda1b5e21fa49fe088297 |
| SHA512 | 7d3aa3c2829b16107a0d054f8a67ff41198c1660f9d92779bf42b5c7bff2a7e99fa649b265566e9c197d63dd8b27bfe08f45ea507ff88ac26bebc5158922bb73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae1b8bf57de0b8292d9a1a89dee6ce5e |
| SHA1 | 32378682a9c7c851939acbd841276b6819c492e5 |
| SHA256 | b170bbd8ba46c1fee0eb08fbc8930302b31a8029ae03d72aa558172535ed12c8 |
| SHA512 | b27847a5b2957c34356f9639e9ce34b627f01bf01d79d881e416251aa6414127a0dcbb715b0147c1e39a38dbb59af8052058bad34293b33a8b3ab6e31140d97c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e24a68acc4fcde4535637bdef7d3b73d |
| SHA1 | 99f249543bbfff47304dd863e6464f29c2cd3319 |
| SHA256 | fe01a2c93c4024b7e4b61cb8197237eaf1cad9e4ff2a2a4e6e358d6812c24aa7 |
| SHA512 | ed5325e4b5e0aa8a96fe00e2ba4de06f6ba26b9ae980e33370d587d3fe9f3fefbfa148aaa57e8d17b36e58fbb2e8402858f5abfb60e6d3fb4af2e0e064a64662 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41d16df6b210a0db0dcbd41ca23634ff |
| SHA1 | f9cf35f27bf74fac00f3ed6a9c13a6d6641f412a |
| SHA256 | 6d17457efae79c4a3f07609c1f0a73ee1cd603e6021a333dc746233feaae3a62 |
| SHA512 | f1aef102e29200d81f017d1dbfabdd22167cc441e6eb359649e26f4e1390ab458a23f7b0ad7d820df2f59256fa67c3586e003d5cb55f35832bd7cab1dc770017 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eec88bcdfadbea342524232ca2c824_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5444 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4720 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5292 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.234:443 | tcp | |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.61.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fu7ci.filll.cn | udp |
| US | 8.8.8.8:53 | fu7ci.filll.cn | udp |
| US | 8.8.8.8:53 | fu7ci.filll.cn | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 13.107.253.64:443 | tcp | |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 187.83.221.88.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| BE | 88.221.83.187:443 | www.bing.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |