Analysis Overview
SHA256
6a2aaa38def9a4089c3c2d6d13deffd8328c6469a1d83ed856d2cbf33e6e4d4d
Threat Level: No (potentially) malicious behavior was detected
Verdict for a50dff5818d955865febcb71a9aad417_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:20
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:23
Platform
win7-20240220-en
Max time kernel
144s
Max time network
146s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A4C2E81-296E-11EF-8A5C-CE787CD1CA6F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000000b85023bc75f74eb185756db53972190000000002000000000010660000000100002000000058d44e7dcb1167d773d7afd472b73e83b92a410113fc0531d72ae3dfd0e9657d000000000e8000000002000020000000265f1069386d593c44623dbaf6d620ba404b60c00bce554d0556516af1aceda8200000000061abf64badda4b6f0642644fd4c9aa7d9439c4e4de9a175f1b95a09974a4a14000000024ac410d5b923c29b4767f258358ff4646ed337d418ada176fbd0919964bb2450bd36f97287db5efcc78ddbb7b6c21d300124eca82736e40968d057414d4280a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435916" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f4196f7bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not shown) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2084 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2084 wrote to memory of 2036 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50dff5818d955865febcb71a9aad417_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2
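The two "suspicious" signature groups above are the ones that most often stall triage of an Internet Explorer detonation. The Python below is a worked example added here; it is not part of the sandbox report. It transcribes the process list and a few signature rows from this page and checks two things: that every WriteProcessMemory source is the IE frame process writing into a tab process it launched (the tab's SCODEF: argument carries the frame's PID, here 2084, the same PID the signature names as the writer), and that every registry change is iexplore.exe writing under its own per-user Internet Explorer tree. The helper names and label strings are mine; the PID 2036 to IEXPLORE.EXE mapping is taken from the signature's Target column.

```python
import re
from collections import Counter

# Process list for behavioral1, transcribed from the report. PID 2084 is the
# 64-bit frame process (the writer in the WriteProcessMemory rows); PID 2036
# is the x86 tab process it spawned, whose command line carries SCODEF:2084.
PROCESSES = {
    2084: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\a50dff5818d955865febcb71a9aad417_JaffaCakes118.html',
    2036: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:275457 /prefetch:2',
}

# "Suspicious use of WriteProcessMemory" rows: (description, process, target).
WRITE_ROWS = [(
    "PID 2084 wrote to memory of 2036",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
)] * 4

SID = r"\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000"
# Three of the "Modifies Internet Explorer settings" rows: (indicator, process).
REG_ROWS = [
    (SID + r"\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags",
     r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (SID + r"\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
    (SID + r"\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive",
     r"C:\Program Files\Internet Explorer\iexplore.exe"),
]

IE_BINARY = re.compile(r"\\iexplore\.exe$", re.IGNORECASE)
WRITE_DESC = re.compile(r"PID (\d+) wrote to memory of (\d+)")
IE_USER_TREE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\",
    re.IGNORECASE)


def explain_write(row, processes):
    """Label one WriteProcessMemory row.

    'ie-frame-to-tab': an IE binary wrote into another IE binary whose command
    line names the writer's PID in SCODEF:, i.e. the frame process setting up
    a tab it just spawned. Anything else is 'cross-process' and needs a look.
    """
    desc, proc, target = row
    m = WRITE_DESC.match(desc)
    if not m:
        return "unparsed"
    src, dst = int(m.group(1)), int(m.group(2))
    dst_cmdline = processes.get(dst, "")
    if (IE_BINARY.search(proc) and IE_BINARY.search(target)
            and f"SCODEF:{src}" in dst_cmdline.split()):
        return "ie-frame-to-tab"
    return "cross-process"


def explain_registry(row):
    """'ie-self-config' when IE itself writes under HKCU\\...\\Internet Explorer."""
    path, proc = row
    if IE_BINARY.search(proc) and IE_USER_TREE.match(path):
        return "ie-self-config"
    return "other"


def triage(write_rows, reg_rows, processes):
    """Count labels per signature group; any label other than the two
    benign ones means that signature deserves manual review."""
    return {
        "writeprocessmemory": dict(Counter(explain_write(r, processes) for r in write_rows)),
        "registry": dict(Counter(explain_registry(r) for r in reg_rows)),
    }


if __name__ == "__main__":
    print(triage(WRITE_ROWS, REG_ROWS, PROCESSES))
```

The point of the SCODEF check is that it ties the writer to the target through data the sandbox already captured: a write from 2084 into a process started with SCODEF:2084 is IE populating its own tab, while a write into any process whose command line does not name the writer would be genuine cross-process injection and should keep the "suspicious" label.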
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 216.58.212.234:80 | ajax.googleapis.com | tcp |
| GB | 216.58.212.234:80 | ajax.googleapis.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | ww1.cm.perfect-offer.info | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab2BC5.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c41a382c8b154becb2f18a0a6e5abe9b |
| SHA1 | 11f76e12f890bac13de4d70b8f646e2bbbe6f0ae |
| SHA256 | ce3446f79669f21a9cdcb6791450e345d02871e87bd2841b898d772dfbcf7a49 |
| SHA512 | 80d0c291168db429232babf00844b929e5cb4cb4b8d55a16916b3fdd834e5bdb4a97f2e3152398d3380471805111387eea44d043ac4acc7c7f783b661eaa631f |
C:\Users\Admin\AppData\Local\Temp\Tar2CB6.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 818882ffbd1e6356fb779a9197a94fbd |
| SHA1 | eebaf5a98e730007c92497d1e809349c8ade0f1b |
| SHA256 | 1476707f05e386e76d4bec79c1c926c2297350ce0982c815693b9348c94455e6 |
| SHA512 | e2bc8983890b9237bc9256af6998b0acfa603e22bf521e6ed5a7822649231c0148bb00000f283535b6b5bfc3b390c9bc435a4902e2f5afe234ec252fb8c6e8e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83ca6f20a58a6051f9482b4ea41ac720 |
| SHA1 | 251bc78a6615cc3a859c4fbd6344e14cb1a07615 |
| SHA256 | 8fcedaf45215f7415925e74c6d51717676ac500c3905f00e0a17eeb0c11af7d0 |
| SHA512 | cd7642fd3976dc4bedce1bdcbd9c512b178bc8b42889c621959277f912128a135242013e1dd890f146149f43aed55f3afb8b3cd3e61d6837efa000b4f7e08b14 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 46c5a973cf1e8d50e437ac7fd59465bb |
| SHA1 | 99a5b31e870ef86489e2e1190e0237e0181288c3 |
| SHA256 | d3de17cb281683793e12d1ce1c91387d52e7465c65c4e864363910f6c497f4f8 |
| SHA512 | ab353962cc0d8b696db08dd31ee473ba487349e91e9079588894b9b95bd02a206ec3b7e2be986fd4f03f9061e985bdaf17bde7d96d159da595ec3ef8c5ef0756 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcc7e96818979558a96bf1afe02a3cad |
| SHA1 | 4a8d45bd78cc8d992eba1c8bd265e67cd1d7f487 |
| SHA256 | d849be01377d00658970c8082333ec357b56f5ad36e3b994ed6b171f70721f79 |
| SHA512 | 3bcf3c42ebf08d0c759a36e7726427bc3a3349d5997db3d5063ae810b5dfda95be77d5c2afb22c0c6ad959c1b2d348ff5e3f052279698ccdf84da080e7606ffb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2209802d8a7a2466de02123bfb6d08e5 |
| SHA1 | f5c07d28fe48314c18db7f5fedc4bc44eae448ec |
| SHA256 | 73aebd214388d68c5f7adfd6636dabaec4f9c0e9b859e15a8bb2f3fec2d96e5a |
| SHA512 | 612a016789cc95b0c281841938a2d9155a484aa1d680aa6bf936e2b035dd995389e0e7ebb0360dabeac28aea8f1431fcaa1a6a7da7924efa9af24d9b4606b184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d74a4a76d345dc59bc85f142b89823c |
| SHA1 | 2a2263a75591a94db6420a918ed16ffa35fe6418 |
| SHA256 | 73970273c32ad92cfbdb341005e9111623c240284f1e3bd175719985eaf284a5 |
| SHA512 | 431488933c5b0322c80fb72bc6d706b6cf3356bffb39077452c37bb23ffce03c33ee6b2cb65f042ffdebca6411a628953b566e374eaf9102ced1a14b8771d4f4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bed5b55bcf51e5b300299e175c56198 |
| SHA1 | 655fb980a9dd7698d72270f1af16b9bb2ad36081 |
| SHA256 | 39e262274414b3261976f5deef3cd0d87954569896b3f868e6c6bb53d11b3b5b |
| SHA512 | d645edb6384620f245454c017ab0c55e9472ef5a6336c4a3a25d7cc8d991968e7c3e9f0352e22a2c421a9a48ba383e69484c2a9c0c9f7f3c8a0f64761248524e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d1fbb80e955ec4d24819a3e30b80b52 |
| SHA1 | a4bb682c9c2576cfee17b87092edc4190e5004d2 |
| SHA256 | 99c3d49e62c1911c28f2275d3ed50a5c5003488d427a132a3252eee9e08703c8 |
| SHA512 | 9637c0bb1dcc272861181cad2f1e7fd774380f1c2245d30797361f74275c735a4275a148ab8b8609ab933ffaff1712c98cc550fb630d52cfc3e4f5466a2d04df |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43658cf7a9fe9c1c9c696d652f3ec1e9 |
| SHA1 | c6d1ff594ab17179efbd71ff1fbb67cc260302f1 |
| SHA256 | 754d774491de4d43999276ea6931197f21da326ef0c19f9a538c9bcaef9a5901 |
| SHA512 | b407e4d6a0033fe24ef15c0e877db1b560858cc561234590ff0589eeafe0350616dafa7908404a0cfd1a475494e4a8e962e4f768605ca9768b1a8c3aee8ae02c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecca8ad5cf33ddae203a481a78c991a0 |
| SHA1 | d76c83a256c402ab03828fbd06224159c72782ef |
| SHA256 | c690c4cc455af9928cc2b77371957945379dcea13f72b471a366f321d603f914 |
| SHA512 | d7c4cd6a4e0064b31f41517260834214685cbd9ac9a4a41bb00aab4c44e4ae065af851725de4ff216f72521874814e43266ce21b0a9def61b5e2c2f358eb2405 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e3c1ed8e022c62d5cd5af7e001de30b |
| SHA1 | 826755b312d8171cae7760fb62345265f0b992d7 |
| SHA256 | 555038ab56a90d665690a9db0a9d5795ed239ccb352cc55aff6adb1e9506a470 |
| SHA512 | 46f5d98b343656ae681aa5e98c972432b9d33ee17eee78eccec8fe7953e8db8eeaffa8d21816d597f59081f8bc333d4c736c5e485e5423caecfd9e9db06a1a97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19473fe64560c35a93baec80952bb7f1 |
| SHA1 | e7d7cb8a15c2b2a7f42c8ca9b0cae1ae61787024 |
| SHA256 | 92b1b2fcae2afb44e6fe3dc381c50d3ba6789e890f37f6060c94f039a19db849 |
| SHA512 | 78901fbab7c29e5d8f8bc8612764765740582895ff317a824b8d98500213d29c40fcb464517d9754eaa4f9c1bdbd8c8e413b12d655b61e8d230de9435a70514a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e7d7b2802041d70cbaef54130d4432f4 |
| SHA1 | e3278b54f291e79bccc7e1e5473bc6c549c71037 |
| SHA256 | 9912e5435a5ea4e83a5dc4a165d29299334c0e56bae3836ecb583a712c85ed02 |
| SHA512 | c1bf885a66d1cc2d5739b10bb86d743a2af8f99ceaddb8e1023c1b4c6bae3448bcdfd0aae07d929850ded6141cfd04bfc96f57d71fb02e737fa41191dad45691 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa4f11ce5bdca4f0c41bfb231c306e20 |
| SHA1 | e449a902529eeedf9071ef645c3eeaa299b21cfa |
| SHA256 | 3a02ada685f35b2171a43e9d1ffb1cada7d3795a25709fa8344decec33098d66 |
| SHA512 | f281f51fcbbf3c0a9e74e2c0ce3fb5308bbefba018fefc46e461773b38e5bd0f7de748ffbe08fe7f0618f924ed4aae397db3b84b31a8b1737b2d1a2dec0a21fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7f26928b1fa847f49c0f78a5652da58 |
| SHA1 | 96f5c1ee6a4f457e19a84a45a3bab0199a09b586 |
| SHA256 | d4be23ed257d9d12ae3753c18c721cd55ee92015f36593a2d943dc0428af7e8f |
| SHA512 | fdc4e886b399b774d9d59e67d295713dd225d2b1ba87aad42430988438c4e6eedc0a8313c969573bc5bbb0341825f8ff51215c6a4bd2a1df3acaf3cc04d63b6d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:20
Reported
2024-06-13 10:23
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50dff5818d955865febcb71a9aad417_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3692,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4868,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=4932,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5280,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5284,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5240,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6132,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
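Both Network tables (behavioral1 and behavioral2) are dominated by repeated DNS lookups, and most of the names belong to the browser build rather than to the detonated page. The Python below is a worked example added here, not part of the report. It parses rows in the report's own table format (a subset of both tables is transcribed inline), sets aside the browser's platform traffic using a suffix list that is my assumption, and leaves the page-driven picture: sedoparking.com and img.sedoparking.com over HTTP, ajax.googleapis.com and www.google-analytics.com, plus a lookup of ww1.cm.perfect-offer.info that never produced a connection. That set is consistent with a Sedo-parked domain's placeholder page and with the verdict above.

```python
import re
from collections import defaultdict

# Subset of the rows from both Network tables, in the report's own format.
# Duplicates are kept as they appear; the mDNS row carries no domain.
NETWORK_ROWS = """
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| GB | 216.58.212.234:80 | ajax.googleapis.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | ww1.cm.perfect-offer.info | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
"""

ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+):(\d+)\s*\|\s*(\S*)\s*\|\s*(\w+)\s*\|$")

# Assumed allowlist: names the sandbox's own IE/Edge build contacts on every
# run regardless of the sample. Built from this report; tune per VM image.
PLATFORM_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net", "in-addr.arpa")


def parse_rows(text):
    """Turn '| country | ip:port | domain | proto |' lines into dicts."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        country, ip, port, domain, proto = m.groups()
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": None if domain in ("", "N/A") else domain,
                     "proto": proto})
    return rows


def is_platform_noise(domain):
    return any(domain == s or domain.endswith("." + s) for s in PLATFORM_SUFFIXES)


def summarise(rows):
    """Split traffic into page-driven endpoints, platform noise and the rest.

    'page' maps each non-platform domain to the ip:port endpoints actually
    connected to; a domain with an empty list was only looked up via DNS.
    """
    page = defaultdict(set)
    platform, other = set(), []
    for r in rows:
        if r["domain"] is None:
            other.append(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
        elif is_platform_noise(r["domain"]):
            platform.add(r["domain"])
        elif r["port"] == 53:
            _ = page[r["domain"]]          # register the lookup, no endpoint yet
        else:
            page[r["domain"]].add(f'{r["ip"]}:{r["port"]}')
    return {"page": {d: sorted(e) for d, e in page.items()},
            "platform": sorted(platform), "other": other}


if __name__ == "__main__":
    for domain, endpoints in summarise(parse_rows(NETWORK_ROWS))["page"].items():
        print(f"{domain:32} {', '.join(endpoints) or '(DNS only)'}")
```

A domain that appears only as a lookup, like ww1.cm.perfect-offer.info here, is worth a second glance on any report: it means the page referenced the name but the connection either never happened or fell outside the capture window, so the sandbox cannot tell you what would have been fetched.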