Analysis Overview
SHA256
8f981cf9ad6884c59579996cd8867b672c0f96b7a97211d68ab331e65c68786f
Threat Level: No (potentially) malicious behavior was detected
The file a510538a437b0c1036536b6f2af2cafa_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 10:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 10:23
Reported
2024-06-13 10:25
Platform
win7-20240611-en
Max time kernel
143s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e0943b2615a43046d86bf7c9cdc56e8e8a805c699c6e18c6466655cfdf7a01dc000000000e8000000002000020000000f563ab42c64a039b0b3fd82911fae9dac69d95b6734b988fa5c140d598faddab9000000019e842d3485469cf46cd90f5b6c55067117c1b6129e68600bb4687ef995529ca9eb5ef330a9fad3d9cadc690e01c56558c25a4b9f270897eb3d16702fb2d2110ea77ed425444ee6cf296e2dfb126d5fac80c0958b8962ac19fc490f2b4e5cf396e755d7022affcbfa228e0b5b02b57b14860bc5e98692735c3dc5d7b3f0f6a6fcf5208cc0c790b2311b60d4ceedc218440000000bdd7461ae6aab0880d9555db7c98ca19d6b61ba7fcb66db01a54dc146ea76036a71666c6f9841092a77923f4c6cab8ae4243bcadac88f9ef1a696dbad9d87894 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3AA8211-296E-11EF-AFF4-E681C831DA43} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424436066" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e7de58e9aa854f8c42dc0c5323f5e915a23106def034c42f0c75e67e73edd624000000000e8000000002000020000000ab068130d253dbb2150e44fcc7aee7bb1f3db25b5be14e12e8184979af82196620000000ea499012957615014f72789665c19ef8132dcf4db88d71bb0b24b4ed4b8f3179400000004c13bcd8c7b3248be0e8e4a753f8f01785f8237679cae3b30f7f7a39a17c6b9575f1434f62402d6e423764927f0b0a674fab35e1e32d2bd6ac0b0f04b9e913dc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a43e0b7cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2432 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2432 wrote to memory of 1708 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | q42.nqytc.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab908.tmp
| MD5 | 2d3dcf90f6c99f47e7593ea250c9e749 |
| SHA1 | 51be82be4a272669983313565b4940d4b1385237 |
| SHA256 | 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4 |
| SHA512 | 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88e551f5073a1f2eb3f59e5202c724a7 |
| SHA1 | 72774e7352811257b72d58274b3157055ba6716b |
| SHA256 | 68bc97fa34735b37fc4b17a731173eab256885a732c7724381e0a2d7a32346b8 |
| SHA512 | fad87425940042c55a153493da0e3d20db434d9cf85dfa5ed8e669f1878a5100a8f64f8b9ff1fde4f2ea544b9125207d02ad2c5c1232be25ba372696a2d4c777 |
C:\Users\Admin\AppData\Local\Temp\Tar9F9.tmp
| MD5 | 7186ad693b8ad9444401bd9bcd2217c2 |
| SHA1 | 5c28ca10a650f6026b0df4737078fa4197f3bac1 |
| SHA256 | 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed |
| SHA512 | 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f24a6e727fee4b25293788badfe59baa |
| SHA1 | 2349ed044bac77321cf4a7149198b379a03f74b4 |
| SHA256 | 6805f04341bd684f2b3ae1398a66f6d72a12158d074f4a3a4d36b1b57d54a9b0 |
| SHA512 | 9c98869f1313d2c8d0560cf77d5e9798a6ee63ffd7fa9cda08f731c60ca8babf2d91da626838397c9faac61f50ac61a96dfb701ed707e9eb4d184ae3559eb2bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | da74c6281659958b45b51ab53c92364a |
| SHA1 | f19f015fd47b042a111bfa8cb8c3e2edcddfc1f4 |
| SHA256 | 6e8ce360fc789548ab750d4b0ccb953bbfd5a31ddca2aca91475a2c71e4e034a |
| SHA512 | ced09ad19bd0a5f90209cad12ab0fff20cfce9ed44b9bc1c42a56fc32d3506b8749a21b5fe44a4162f367e385dc7b99fd4a3e67ef939f689456e16fbc34daac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17799f41fd831f531374f300cf4f83b0 |
| SHA1 | 09b501155d978cf6d74478e21d487baa29e46d7a |
| SHA256 | f884b663f2c3da08ada2d812c4e6aafe7635634c9498a7d5226af7889d733144 |
| SHA512 | ad23d8af8cc7060057d00521d2ec1812aa36bb40fe4b0d93076e4da5fd84d9c9328dfe6d6c105b82eb8ba2dea0c3099aa1ebeae387c5e7dca22ba07f6b46fe44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 404791afdfbc0b51c6b19f14b4f9e15a |
| SHA1 | ffc8d39cdfe04c22f73c61866bab4a33b9ac720a |
| SHA256 | 1237f98ba25df70466d4d0d0f7f5f051ddda0159c1e4473913df6d39f225f5f9 |
| SHA512 | 71896c30ef56d9da2d8213e25f013c2f4403dfc3469d1f64aced99f7cffc96f2a12a57123758d71bb1d8388501e164478c0a1c028322d7433e191506ba448da7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 82f9c9af310e661796ea816e83b1e6fa |
| SHA1 | 15e47497d6757cc052576b9494cd46c8dfa4b972 |
| SHA256 | 0e7126036c50ae062cf4e50e4e4740dc3e603449004972345157b511dae2d377 |
| SHA512 | b38a2216bdee9747e3eeda4deb89a20b585e22ba830fe758b06cc45fc09e1822a564ec413e6d1c47115e35139c0fefd678355cfd20aeb9bbc2ae82cd9e32ed46 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db670f6416fc0f3718645333f3c96150 |
| SHA1 | 0a6bc6010c33e19a1415db657512840e01c1e8ff |
| SHA256 | 5559a7db2f7edb979d3c3f004c0dc4741eb92a8fe2ca3185fa2b5e2495fe15db |
| SHA512 | aadea18a11b5e4da4a652b62c4907d3001f2bd7b061f9d1c274075a28e590976858062b04fa95a20aa58b4fe64272f308e0f408b431cb9bfb65cd513b9c6d77b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb12c7a8c2972f85c7840365bbd67f1c |
| SHA1 | 13f90cf2000a886c6e9687e5938ddb27289ee012 |
| SHA256 | 523d4b246fd5c3ba8aeb641160a5e118d34b054fd429ce43384947b5ead6d8d9 |
| SHA512 | 82ef0e61ef5090a8cb75612a511ad914856bde08e47dcce2048da8ab48e467185f3be38116d02f776ce416f49082df4ebe04284b395f35b8b3344cfad47ad73b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5955e26cdf4cb4fd3d2fe48aa3b2698 |
| SHA1 | e3ed483719294c051032664506ba2aa95bc3bdb5 |
| SHA256 | b9894221062be43688732d6ffd37c64f94da0c80dec7c85f1fa6429d9a314229 |
| SHA512 | 110758381ac6a4e816a110f98ca93cde1b0eceaed34cc3e76accec2f3922083553f937b087a4cb7562ecd8a5d7a5d056f2715a8cff0bae8da9ade89c034c5793 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1166a2705d948bc57e5c5c5a0de281ea |
| SHA1 | 8015e7dada4e427c401ae7b709228cc62a3cbb18 |
| SHA256 | e696be0647a3fb5aeb39bb31725d8948b68cafcb5bfb698ae85132b2b39aa5f2 |
| SHA512 | 386c6c6d47387d95cf127a7813f2b26c299adcc239b917495557493a11bc5c3049e4809b144cab961cc2936cde0c9f7ee2edda46074ec62149248132225ec0bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ead9f4f9f76a73af731fde2cfcee74ad |
| SHA1 | 2be6788a91f87e00c9040e91a1596183760c4901 |
| SHA256 | c56cd24b79a0fc9ea5474e07de34b5db2b5f8266a585d3ae7060d1a17f2efd1c |
| SHA512 | fef9b644f33371126988109f06ca93da22de31ab74c8676222ae96832eaf57e2e844f12704d1d282986357b49051eb88c60db66d8754616ecbd2fd26f37fc263 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 491a33d8402623ee2151edfe34326694 |
| SHA1 | fecd49ffa22bc620cc01732093ac808acae5edcb |
| SHA256 | f5a4c88e2b0a38da73d23c1594221c88454445acd646b0c1f973ac98c07d1082 |
| SHA512 | 14e41ca3985c8b1e2dc0f05700c238bd68a1864d82bb5fc55937d034fc9ede6e1a01900418bbc11b51e7008286c2fa983f68ddbca6c574d61f64180922db9064 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e116233aa2fbd77e6a1292c7e577459 |
| SHA1 | cb59e2f4015be1f91d00225df533936aaea12d12 |
| SHA256 | 6b61e29649689272882c095af02c2cfa40aece3c64c4f7a46e86a9cb96fc1855 |
| SHA512 | 9dde085b2246f0c5ae4e1f79ce2385aba27f3612e6f1b0cbb8ab598a9d45a78f270242820b8f8b1b6541b6701d1539d75946f359c2a7ef0993cdbed7dce53fbe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb2bc9997c4b69dc04817466046c4c16 |
| SHA1 | 93a9524e50797ab19817eab5b6c881e1ab4fb11e |
| SHA256 | 8f42325d28524eca88b8091215af0480c5636702f8c530f953bb692bfaa5428e |
| SHA512 | 2cec1f7ebe66ce2409c034e073fb66f21bb2eb9200f547b071273bc1baba18fc1f44ca5450ed76b79afeae0d43b9ec084a7d95c5694e9b98174a7cbba43af5b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfe8400c4a34db7f5680c860cf0aab5c |
| SHA1 | 411da27f28a140b30a32ac557afbb1eea560d00c |
| SHA256 | f7cd7aab37325a1a5da6fe435eb18b7fe6d13b78c4a9f2740e8f914d16618632 |
| SHA512 | eb956cc11f99eee2aecd43dca456991acbe09eba8fc52c3d49b2321680c7fdbf0a4c314ace1d86a29f9c5f32f3848418814d621e9c39f45c358995196f4797e7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aea78bd17e4f446e3b6f8cf312f36bfb |
| SHA1 | 9b3f6fd96d4c2dba7a743583ab4cdbf7744d263e |
| SHA256 | 315fdb01f1beb51dc84abf54080c814d7240dc4773e4fe61413c24d86bc09dd9 |
| SHA512 | 34079692e1072d45e057db3d2e81c9db324e64a165e89e85db8442aeae88ed20dd2fafc0590ed36be7049fe4c1620f38be5370f83531db9a5beb8799c62f2a4e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bd8f8e21b5df994d0a55f420214a2894 |
| SHA1 | bec8e3ebf043a3306cf518d37d852bb89492ef2c |
| SHA256 | c3fe51c15dfdffb32175f1d50bfbb976ace35eb8fa5dc9a54f4ceb566630f7ae |
| SHA512 | 070bd8871634011a17ece7294e67e0d61b7a6208afa3cdb8e3b02c804dddd3efa977905d56977977ffd4c512266747d0f2a8c8163805ca71ccb877c723e622ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ef2a915489f744d4772923b071cfc84 |
| SHA1 | 46b418a773b3308fcb60c8ce9e80900f2db0e754 |
| SHA256 | 2d911dbd5ae7397f9912b313d0206c293b3c28bae9878abd36a564d4286698f6 |
| SHA512 | c5231ce9faba97103c18607b3948d7909a0d876ffcfba7e2dc91341dea64d9642e8869fffa95aa2838df91b55727c9c3d0ba23b403e3df0bb2c8f8ac38e09b84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a8cfee84470fe8825c0719622f703be |
| SHA1 | cafb9658838a6f5880e0813b666711913c5e8431 |
| SHA256 | 2db797f780ce27ddbd9db9b3500f01c99613223c145d64c4460b122ece97f712 |
| SHA512 | 30b268ced8f0713e85e337910281f2b5c6bcbec40638623ef29e9ba6e08ae91dcdccf6a9df9cb6f8a1c2a2caa996342e2bd575cd0491fb423dd08b8e1c0bdd80 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 10:23
Reported
2024-06-13 10:25
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3852,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=764,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5216,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5488,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5508,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5296,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=4300,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4072,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | q42.nqytc.cn | udp |
| US | 8.8.8.8:53 | q42.nqytc.cn | udp |
| US | 8.8.8.8:53 | q42.nqytc.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.238.35.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.96.87.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.161:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 161.61.62.23.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| NL | 23.62.61.89:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |