Analysis Overview
SHA256
0d1a67eeffb3debf46a771791173f483d8ea6ae8d0330db9a601cdb8343e07ad
Threat Level: No (potentially) malicious behavior was detected
Verdict for the file a50c0b2a06dfacc59b961438067e8a99_JaffaCakes118: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:21
Platform
win7-20240221-en
Max time kernel
136s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435787" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D6AFFB1-296E-11EF-BAF4-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d22acb614eb8f947a72b347ac349d0fe00000000020000000000106600000001000020000000540c5f3dc58b1c9550c171ed1223fb48b8aacb6febffca17948ed3733db5edc0000000000e80000000020000200000001bfe65e48c9ffbab403eeb439c62a0a68491b524d3aa8c6d68f3587b436e03e4200000001a54cfb2f94d80ba5976a2631a1f59cb15aab60bbffdb5a606cbd9f6f8f79034400000001d4ef5c184ebc8e0b87ce76310436574393717d0f3317a25011f7cd06ed9b502c0c9a6e1df29e243059fc0b84969ad94b2ced70efb4189f71bd2a1001905439a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50adcd607bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 3012 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:18
Reported
2024-06-13 10:21
Platform
win10v2004-20240508-en
Max time kernel
142s
Max time network
148s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3980,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3260,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5284,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5320,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5532,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
Network