Analysis Overview
SHA256
2aac6bc31f1c12e837dec272e10de600337f52daa919f26da56ac9b906b8ab9a
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a50822630023dccf71ae3e1622a30d08_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:17
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cfaeaf7abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DAF10F61-296D-11EF-A564-5267BFD3BAD1} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435595" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000089cb2e0bd79eeb4b85c2b596cc48dcd000000000020000000000106600000001000020000000e1a34f8545f49ebcf9eb3e1c0e214822501c1dc0cd4685ecf26d6984be594008000000000e800000000200002000000018942011593cc0962a4e470160ce4c0e71f85b943ab84ce122acfc1963840c042000000084868c66ab51828b7b1b44e34db4cb26fbd28564e2d161d0e66343dc750f79f040000000d52147bf28e5de57458970d3459838619bd571b839b15add2b4592affab3b20ed4fe361d97dd922ad58666440a6e787563ac2ac48581cfcab8c9004e8e3efcef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1612 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1612 wrote to memory of 2504 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:15
Reported
2024-06-13 10:18
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=2080,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=3880,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5344,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3100,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4412,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:8
Network