Analysis Overview
SHA256
cb58c5f6fea10f0d8d8030db21c193429f67c4ce80d53459a844b4c9fad4e434
Threat Level: No (potentially) malicious behavior was detected
The file a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win7-20240611-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46D8BC41-296A-11EF-B93A-F6C75F509EE4} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01c6e1b77bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000007cb1318a88dbfd6bf937b89a2513f0547bc34e2f235c3bce916790722b728629000000000e8000000002000020000000c8ca8af78a0e96a342cd1b2e2fb4b0311039a8f09e378e4a10b57662c7e3d6bf20000000e4c54edc5c7da537a798809137c71e60f6fe75ccdfe03139a120364cf002248740000000324a9bf17ebaabd185fbc250822c099f096de05c2161294da8493fb8bc96fcef7fce170e4be3c2e1e8019f72ef6ffb3e3517cddd8fbcda9505f0ecbf5f64cd99 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434058" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2124 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2124 wrote to memory of 2912 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab25CC.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\Local\Temp\Tar2680.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b40ff2454e132f85beba09b9f32b33e |
| SHA1 | 84ba2417c126da94e9833c8a6f35c98572b1e7bf |
| SHA256 | feb4ae563e0681f839c544ded706083b06bbbc6517c2adfa336fdcc257045900 |
| SHA512 | d3b9b3366fedf5e24b27b95b135c50822bdf69f51d6852af679fc74c5f9bd16b903270094b9e86eec8a7daf9fce622c98fc43aa5d35df3bbdcda289d8d22a374 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 38ab5e671308cce9899d0467d9735da8 |
| SHA1 | d53b13d59db49034e0383553a2300a7fb2538e89 |
| SHA256 | 5748349ed2e387788b6958568b46234953b156b9e7db5ca4c0e360854b210168 |
| SHA512 | a221f58fc97785ba6a8fce1e4a7ba1780addb6e0d71d48c23a7d21012a95702c9588d1ddc411a72fc5ce3b95a0fb0e6ac6b7276dba8ccf9add4b1ea784b602de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff91bf6058c9f9e58379d0c7b0275c72 |
| SHA1 | a55c1a1bb44792b6f996e76b8ffebec331248b89 |
| SHA256 | cdac4c18699ebe75d3029eb72d9f1ae91d6620e75958dd01717a4e567e86405d |
| SHA512 | 50bbce919757614e65ca481db6d1b1a91a606b590cd4d81b9dd721f4d01ce7712ccf5118001fdaf5a1f6910c33af44bfccee77f0d2e3eb9f71a575fd6cb69a5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4ca29a544f01cc9dea715213cd1605d3 |
| SHA1 | ef747932186ba69fadb4298902991f30321808e4 |
| SHA256 | 9868e3cef3de11d510bc91426e0df032a51e48fd5052d1ba6b456638695aa359 |
| SHA512 | 6c38ca346e0ee94055f49ee6304e1bb19f8b146f1c6a1fef6cfd023f8917e4fcc6197794f8b98e3acbd491bbf2cd794a03f2e8ebca9ad456965977e9ab3b7957 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4cba486d034d3b794848cbd501f566f |
| SHA1 | ca7ffdcd4fb11ab7de76868a0eba971cbbba2525 |
| SHA256 | 6f154e91f8bd93575396eca3daddf7c5992fd3170a34319df6860203554b5701 |
| SHA512 | 14dcfd20a62ff8e520a93f720dadde0358d3b25e46181f181f4ee5fd47eecc13df03adb40e637b8527fdde1f885221aa3a719e6287d92f583c3ddd6f81f08c3b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9157b3428e866bda96beeb0e6256bc5b |
| SHA1 | 6120198098eea2be1eb847d3aca469ed48062d75 |
| SHA256 | dd9fe70d0d46b02ae20f2a340a7f47e3aea6c7df71816b3c916c95f6b439b519 |
| SHA512 | a6a5ee59da49e4e8621f77af1cdbe11dddfef8cd8b0e50fd10e0fa8dfa7fd0ae8aff0eb7bd07637d5689ddfe6aa8647a6bdbb22a00d9ebd57e942f9749bdbd10 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5b3caafa0546c6a11e23cb71454db20c |
| SHA1 | d2a5a275e94e31e4a0e55231f3c22fc8b2328748 |
| SHA256 | 416a3fd9c2caa88675747f849643aa915c1cdf39f31131377b4ca65d894010f7 |
| SHA512 | e2a3e5499eb08345700bac51fd249ccd5368f3696d89cdd5112b4279ec5e99f530b27c0bb8b4d03f4c2c45c101662394675e56f48987b74bfd3be19ad2fe3301 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 06689116eb9bfd18bf0e7db19e33c693 |
| SHA1 | c1dcdfab6051bcdcabbcbb33a468907390b2daca |
| SHA256 | f870f857a3d48b8aed6681f1826f926b470005ac0e31ae4640981e2cc85fbb14 |
| SHA512 | feeb72da6f7a4d726e1f025433af99dd96b52a8cb70feffdd296a7b573988fd64379d9c0c469dd3e622919c15220e989d36dc444939d3480eb20c0e31688a6f5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 30a170a90166606f92a63c7646acdf94 |
| SHA1 | 3ed22e7fd7e3457800ddd9d24cd7267910a30afd |
| SHA256 | 1b0cd922166b5c587dbc0a14aff3bc172db639aa91562ffe251faef9c02d0985 |
| SHA512 | b604dbcb8bcc357d51d91ca7e0ab704d91f6db78c6794b74db014705a769393aca25c99a8acc02aaf7f7eade4a358fed0174759664182315608a8226921491d5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e961a7e39bbfe04493b758a619facbdf |
| SHA1 | 719ad6b3296344c5a513772bd925c69ba02635a8 |
| SHA256 | d84c32ecfbb127b6be4b86276ce71acba6724d2b7deff3d487aca636d5c8a38f |
| SHA512 | 33f2197e7caaa8d14816b6ae070da9a7b12f74fd69b8d7a16bf61cb552dd5c3b05d5aef36bb4f4e2d9d0aea7adf72f3ed0606e2a013f824aac801de3e2df80d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e62588cdcf9e1672d98b7063e4bf5372 |
| SHA1 | 4158e2e4f4d6032e1c17afaaa909c1d031879626 |
| SHA256 | 1803b2f1813a56d12dacaf2059496799198dbbc7c643182aad7f9a4c93604a2b |
| SHA512 | a48abfde37892898104e46170b825056cb960aca93160bbc26d182b6d04622fbf41a94dd327f5b389bedb8c4f14fb2263e842ec895797dffd78627001b2a9275 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 008af2b012e6ef8e27c6740fd4847b88 |
| SHA1 | 64ecc8baec8c9caf1739ec37309b45ca6e38b80f |
| SHA256 | 164fe59dfbf02ce1b453ad83e3bde8c38bb9175be867d53b48adda635ef46d57 |
| SHA512 | 72dd0c6540fc59abdb3066cdee5840a34e01ca70fc14e2221ba999bee4d2de5e711f4c9f5d2aa16e634ce95821f523fca237d13b2c746c7b2e34c5415b58c04b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b7f7288709c4f9ee00a2d0263d286a4 |
| SHA1 | 96cfb7e4a6645b33205587f6e7938c67616eae1d |
| SHA256 | 71c36f0a65a4eeede10bee8e08f737d57de8e8132db8de98ee7ffeec360a1679 |
| SHA512 | 69b81d2894d6cb3a3da98cbd380ea38ea13ecb2622c6e5e6c22b2931f45d42da98892b6bf5e43b26507d19c533b38d176daea45ab08be58217f1c5d0c0e78db4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c40f699b8a42a001f17abd0a5033d089 |
| SHA1 | 14ffedae59edc5cf6c6ef2b63d8394afc8182f56 |
| SHA256 | f9bce1356b77c5cf8bf8db93308e1ae94803faadff71910210bc0ac96c2d8411 |
| SHA512 | 65cb9c1368f8ad4bc932c0f7c7bdefddd653052a9fbc82951ede7777d5d28635a54d5c1827b76b82d73f5c98097cf1cd9bf67812f836f77b17fe22598e9415cc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 58a24f174bfc04c582e5fd7940260a79 |
| SHA1 | 85c5123a1bd1de9d865db0be93cf0d3dc93f65e0 |
| SHA256 | f262203d342d90149d8b460476b6f5fff51c615178e7d5d54d3af5fe61734300 |
| SHA512 | 8e632bf392aed77730dddeed954e1d8c0ce0420fc188c114d5e3098a105e47eb7d81ffafa45fa5ab4e2c3ba0d34566e089e03534f7bb94287ad962fb0a3f5641 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ed0f650c810b540885550643fe4682dd |
| SHA1 | 02d0dadef50e3e0bf7e197f2c9bb8dd306ddae5c |
| SHA256 | 340355741726c98fd9c60c1084376132b70d51aef88dbfc2ce5a6112e693c257 |
| SHA512 | add377b2b491e8f89ffe0a8761f1d26910c43f5f5f0c86587a879461d317615c7d8d8e20c4c059626b834e5d9d143512b12482b8c1b318ffbe0693c584c05c2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53fde58402d4c2141f3617ca2d935179 |
| SHA1 | 6ea3065c8eee0adb1a211c2c951f12bce00fb965 |
| SHA256 | a5c9ef38c1566b4ff2b060a0bb803e17357a559dff04cd8c23b117064c426f4d |
| SHA512 | 74128bcc49c9957bd286c2d1891c5b9d54d13d5d83602474af02fbe6d42f9cec935a69155f4f6e6e4eebf5e141e41e4608c255c7647bf3b25abfd1038cd9c8ec |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ac46331d5cbc203a2dc362ad32a0e291 |
| SHA1 | ca265c0e20e9f331654d563e35941a58bcdfa639 |
| SHA256 | ce2d50c082265682f9c3d177f4a75b7dbe3bb6df043cc24f33396859baba33da |
| SHA512 | b35501322150b20b036a21bf69fbc2de47fa918099a39b64b562c9abe8919001fcfe8ec68f48f761ebccb614d3838c2efb86c658a5baed33c5774856696029be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 70b354507acef611db877c80a603d3d8 |
| SHA1 | fd57c536e7f35245571621d6df6b37ec38ed2cda |
| SHA256 | fa6404dd79389286f17723acd40c67e39fe3137b82cfd51bd912c64831d128ac |
| SHA512 | daa28b13f99d06b8dac4f048b27ec6667dd67a99a3503926d064903602fdb463cbbc356ffd336b1f3b6e1f454aae1ecb06beccb2594545ec492439f7fb2adba7 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:49
Reported
2024-06-13 09:52
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4176,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5360,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5944,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6104,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5796,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |