Analysis Overview
SHA256
187d3dde780d1859a391132448027e125f209274bc4082f5638bbf080295b9a7
Threat Level: No (potentially) malicious behavior was detected
The file a5ce12d9334b9f51fead67cdf2d926dc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:32
Reported
2024-06-13 13:35
Platform
win7-20240221-en
Max time kernel
133s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447445" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d09c2a4796bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{72AC8531-2989-11EF-9F07-6E6327E9C5D7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000886ebbecb4a9b94d9936fa4325b02b170000000002000000000010660000000100002000000001184bb9819f9de02dedbec1a0c679c39e55b4313c5c8e5e79a50ea008809f32000000000e8000000002000020000000ddf73066967ca008f5895f356fcf0dc79c2336e38bf9cc2e8a75941ddfb1cb3e20000000f11beb66e31e61b74aca3b06558aafee004c63fd465872bb46d0865ec3273e8640000000ffbc410c49120752a799e631fd2d7d71a0a461ed09d870d751f4eb85b1f9e688e5160a51d6e8d169f5facd232dfeefff778604f1e72fa5789fbd3eeb54a9630b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 3068 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 3068 wrote to memory of 1984 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ce12d9334b9f51fead67cdf2d926dc_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:32
Reported
2024-06-13 13:35
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ce12d9334b9f51fead67cdf2d926dc_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3808,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4248,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5376,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5480,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5960,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6132,i,7012731823941922179,12386606396608877869,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-http.microsoft.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |