Analysis Overview
SHA256
c96da487ff7bac29e8908d04ea90d5ec6231a06d4d7f6fdc88d193873320849d
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a4f2521e2df9276c40159aebef08532e_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:54
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:54
Reported
2024-06-13 09:56
Platform
win7-20240611-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000000be3f3646403b9209994c7ec56f4fdf0bc17f4d7e1b527b2fc14ab517b10085e000000000e8000000002000020000000fda3b75bdd88fd5bc3df3860011873d32acffe9d5b01c3e7bf4c76342a1c5ccf2000000053306bd809e45f769de78730e29c3b3202c6e1a986ef0f712d3247c27399a3be40000000361f2cf1ec93dd16355ed157c5ee93aec7f0cdde1794d2c133dd042112d057ef10ea49834247fea2bb37804e6b3b29071c372736c7a9d85b132e77ebc3d24cd9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434324" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E55BBED1-296A-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6073e3b977bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2292 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4f2521e2df9276c40159aebef08532e_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:54
Reported
2024-06-13 09:56
Platform
win10v2004-20240611-en
Max time kernel
129s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4f2521e2df9276c40159aebef08532e_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=2068,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=4276,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5320,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5308,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5500,i,12594301322143882025,16832588342008839449,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 13.107.9.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 158.9.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| BE | 88.221.83.202:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 202.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| BE | 2.17.107.123:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 123.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |