Analysis Overview
SHA256
af302c31e25f213d05c348777154717239e1eda275b68819356d767e511dfc56
Threat Level: No (potentially) malicious behavior was detected
The file a5d470d7b70c885e8c0dbd1e33b08589_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:38
Reported
2024-06-13 13:41
Platform
win7-20240221-en
Max time kernel
120s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2fd07c233ec3e488b3a8873a80a51b500000000020000000000106600000001000020000000877df2199b6c65f1b11be230c630b96939fdc5a2e3ed8960c8003ab8b9942456000000000e80000000020000200000002c16a8610abd82642a9fb84fc7adaff81554303b1aebe1c51e1a1bf02f59a51490000000fd7a06cbe14713b464a7eed427175086c5841062f40be1583fe8b1b4eb9d85c4971353be165a68c9960139dec18230aa55677be0d261791ae0f2d3027c013138bf2d2d87dd67a2ddcb9c8adfeecb89d9f7454fc9aa7a7e175d9c692f6a9b5a4ed1b3cb5afd7eac30326dbd17ef4a1a1e8fae9e65a06fa23f9183128a1699528259414d9b2f5a53b5ec8376a04662e36e400000007672917982885c531283db20f21b948cc5d365ae63945b944ffeb6b9aba35dedcc514a39a92b12e232884f0ec387f48ddf7d7db37273275505b71c81685219ec | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C29D981-298A-11EF-83C2-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30402a1697bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447784" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a2fd07c233ec3e488b3a8873a80a51b500000000020000000000106600000001000020000000ff9731710958ca15477fab6e698c27188ef56f1a8242d6c706cfe1d6a6a25783000000000e8000000002000020000000d811f07963f1e62a325c1a6bb4a4b2306561c95315283ba8b4f7c1db5327421c20000000bf78a9ba7fc1e1578472ad7852430824f8457993112742f4cf57eb48830064ff4000000068f555fb6f14a055f41c9c3ba3b94259e270e4d7bc2f55c11214a6ddce94d62d55c3823160081d06f0ef61fd8d9bb9c36e4e724093872a0a5d1409e986561284 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2524 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2524 wrote to memory of 2736 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d470d7b70c885e8c0dbd1e33b08589_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | www.thejo.win | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 8.8.8.8:53 | forex.fx168.com | udp |
| US | 8.8.8.8:53 | oil.fx168.com | udp |
| US | 8.8.8.8:53 | 24k99.fx168.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab5979.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar5A6A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 731893729ccf40e987805d5b657e49cc |
| SHA1 | bd40bf71d9a561c1d2b7dd1dd4dd263082f44347 |
| SHA256 | d64bacb41ca4810c682a5ebe9eff8e0d507640f0f1d02b7571a6fbb853a2ad4f |
| SHA512 | 345d7bb5b6e22f3bad22a97dcefc35605aa560c0b9cf728951cdb2a9b3d3301b15b2f5109c23ac062088c96722a1d751b50225d3bc248272b260b7c28c6924ca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 86efa94c61c8efa207c93721b4c9f2eb |
| SHA1 | 9c5005c20425149889bd28ac97b2b4d0012d75ba |
| SHA256 | 85c3bd2d022c34dcfbdebce897d3489e8b8d47c8619a8eb494ac4263047d326f |
| SHA512 | 757e25db8723a6d4b3c2cbeb20081dc6a700be676489f0638edfca1cf0ad0538a41c4b901d037d9f8c86732751988d6df255502e72af51864fd7ef5df22d9d9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 48e4527790cbb64b6d5428f3f18ce4ef |
| SHA1 | 4d31ef32ffc8de31ad28dd6eee0ef370ce8fb32c |
| SHA256 | 2e045ccb76199491323960131c69af5be3f2ba92c90363a392243bdd71a122ef |
| SHA512 | 7332c040f5d64669819e270527a5390f535bb6d2cf5c83ca4b1a776a7526b10fd39c1fe6c185c33fef11b41b61a88ad2988611f62064b7cb5f1087f2d5e20574 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbba521c3cf598183c809c3fc95a9ae2 |
| SHA1 | 55efd34f8239952c2815c5afc6b9eabf85b20f54 |
| SHA256 | bdb395afd4eb2a990974195f245c623f631f71eed2f5f7d540c110c9924de179 |
| SHA512 | 115249a4477406015b72c0e45c57405033882b076007d4b6f879e89d269b7846a75bd9829c79fef165f8c40d555593ba7b1219d8504d8ae224541f7278bbb870 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4a7be21906e6fadb7a16e89454bd3d9 |
| SHA1 | 9ef496251b21f680f50f721e0262943767eb9f80 |
| SHA256 | 3a2acd171bec67edaa5dc4ee9816ca59379f40b248085e671c73733a0963fa76 |
| SHA512 | cdcdc58b57b6e800878e3c87ec006fabc2ac233a080d5a97f9e7e0f68b6af0da75629994f4e38e4824a52a2346d4c3d12284e4ec8041870b47b7c68bf4007d2a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1960b08adaeafdbd51defd4763c73565 |
| SHA1 | fc2ae1c38d801ff3d42896db07bc4ec937328f62 |
| SHA256 | 55e92d86811809af302ea9a6d19d59aa3fbb26a99689b7d049faf04d50b3548e |
| SHA512 | d09767a76ace3b15829bdb562655e6aaefbe09ac102a87e31558801f98625da632c9e05878c7ff91ee5f36504a8d7771a7f966181765c7f10a1beb17ecbd8f49 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e9a8575419052e69a523457194c0835 |
| SHA1 | b3bd897f8f3809b1a02399230657cf3ccab3508b |
| SHA256 | a28e35b2b78b3a894e2f0e8d151a6b9cbc57614bab9b6bfe21efc2baa7f2e980 |
| SHA512 | e4bacc6f69ded107f8aafe384e1febafa1d9b6b7cbc903c4a97eefe4798b0b13971ca6ff3bc6ced59426343b8b59bd0e4b4d4c4e742dee673383af5e62f5ed91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3be18dc90a84fba3e67cab57ea194648 |
| SHA1 | d934f930784ebeb5c7b9cf2b16cd79d2de1ff05a |
| SHA256 | 045692941d7f16a6ffe93c88f5def1173a019facb5cea4615dad2466cbcb2e9c |
| SHA512 | 0e64b0a8fddef87219f567a27b02ab5e423d01e67486eb8ea2761eb0c5397698f70e90cab3aa702461b3c521e121f5d7ee17e7c9a5ff201de6de5e0db3c83ada |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d95bb8ee281a5e74c1b1157dd9456406 |
| SHA1 | 7f8c7f7030366d4f38bf9dbb0161f679e2db5d8c |
| SHA256 | 03a803a015d91d5bf206eb69d1ee419a600ec0d94ac56997a10db8c44c45fc75 |
| SHA512 | 0c7ca23d4af4550f4774acd39f4dd2dffb35d269dfca33af6502cb9b939d0de57c660ae1336f0b4bd59e6b722884a4611167e456de1205e89fe80c2bdcd5235b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adff4763fcc20b8a34398142bcaa9f97 |
| SHA1 | f67ab5b03e4115e8b128f5e2d257419e43d5605a |
| SHA256 | 1c9127a6bf9016375a3fdcd68a16829a111f1ce97c13c39f9d2d84909ba53d82 |
| SHA512 | 4da5cc9e30aaee502c9320a3c8867c64c039372d02a8e9950c8ff8e3ae72594dcf69de190b1ce2d36d05e448496b8a7f77f3747c7bb0cb6e1ee6e9b19ad92336 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce200d77ae9d1195eb0faab2e22ca00e |
| SHA1 | 3e2a276ffcf56f82a8dfc5c463268fba371d1f3b |
| SHA256 | 84ddee8100b5eb7688d167624a5bd6d1ee1f633c5336092902c647b4a744f4a4 |
| SHA512 | a3197a2f37e02ac7c78314c5e9e49700654d84df20c3068939be816481c083131cd3be5058fd7e56fb162b4dc5bb3f458214691e9980bf8467159a697be39b8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7f497efa6392840fd73c2d6756a55a9f |
| SHA1 | 60eb1dc04dc51f17474ae6c785f5d567059c9f90 |
| SHA256 | 840d3bed4fd6476b6983a3617bef1de80bebc3c70e31687685b6904fc7d66090 |
| SHA512 | 8d25a29ced1a57e76e82906ba4561aa85c665ac40ff1004cbc1018545d2817803d6eef4df4b232befe690c9da03e878a622b6ed1af26a96581f85bacdbd7eaa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65feff387d0f56b838be27c02268c3c1 |
| SHA1 | 66cb12e0570b26dfbb09c5d597200a7dadeec773 |
| SHA256 | e4ec9212df276152c06775f9a1c5c96c7ce08603edbcb7540f3a269c61ce95a1 |
| SHA512 | 5e9f0863fe4b43d87074757afcfd832463db2ffbf044464df2e807e313b7f992465cfe962b5e6cfed3181ec0569a2b87f1e4a92fd48d3f48364c22042f8c8896 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8e192e6b2784c862b49c9b06ce9e626d |
| SHA1 | edd352f3b08239b5ace83e4e18df11fd1dee61c7 |
| SHA256 | 96d216b45726e524dff0533192e4aa18832c88758b24b83db1c9de4e5a6a35c6 |
| SHA512 | d9ac2d1e9a61266881c3bf9836104ac7dfa0fc9d31e18460b95e07046868030a686906213bc1687fa0381b97d65411eb9e7d9c6080fde1adee28a21bebb2bd11 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64191261e973638828850ff376fc3ec5 |
| SHA1 | 7c01cd4519c07dc95faad301e4791a3cc49663d0 |
| SHA256 | a7ab57b80ab44d05ab33105cc2bdc3cbbeaa3cfecd33abbf1acc62bab775d99b |
| SHA512 | b1c7f03c6111918686f592d66be229bd8e6ef01b6646c1743c6ff6bea38140d09d9604d3208716b44742664a9329d145b35f6fb0ee6f57c7e3a4a4290fa0480d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d0737c7f18ec0a838e37dcffdd2fb4e6 |
| SHA1 | 27bc9f656080983d38a4f2dcc2613779e3fe16d4 |
| SHA256 | b1a41a0c97a4f283599faa5034f7ce9ac4c31ad928e2ed5cb99d950c2ae0af31 |
| SHA512 | 8b7cf6401aab7041f82d522495a57500a237d3b97149faecd0ad73654a19bff9abeb37fbfed6debac02fb7d61cc617e64cd368f2e4c5c8d95d9243e3aea5dac1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe0a9a1a4f7fcf8425987040a52a1ca0 |
| SHA1 | 0b68c83e0769d1a61158183f94d4fbcbb981b15b |
| SHA256 | 301bf4ed1cf72485172a517f1cc5df36892ecd1989d0f43fe253e6190971f472 |
| SHA512 | e991849269c843e7507fea88fd23a554410b11b9b808c313caf2afad139f554d5ac2a59126d7b7a8e9f0bec4df53da77c105ca875861be7a052d2ae9d4e78cae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dbcf3fc4809f0e97a6d94f81f739c25a |
| SHA1 | 92d8b6b7623c19fbb8d675a6c847a6410a047bb5 |
| SHA256 | ee7aa372f1e70b94e839eae340e4dfaea1eeb114ed122bc13e6242d20e2caab7 |
| SHA512 | 872f27ee3d8fb104b6e4f9cb6038d04f1948bdf5bf05c0f02d159fa94db753a818ba6b39151400151e8a76bf09bfa1bc132cbe0314860d4189c8def0b715bb1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3186e1327ce644c5f82d1071fa382ee |
| SHA1 | 06204c579f159e98ad53e366b30da90aa89e63c3 |
| SHA256 | 20b3124d3d90a673b08e8d83325218d8b646fa72f650b97d58aff2c6b9892050 |
| SHA512 | 947912bff9e7ce9a6627a4681d3ff7bb68c25fbc51214ada8825a46a75db2fd161e28493164328c8b4b2182eaa3c9e546e30bfcd27aabd9184a9eed403c42970 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72b5751d3af9fd3f45d525c52dee0d3d |
| SHA1 | 66d153684a47e4aeb71047a43a0c1d819149fd3b |
| SHA256 | 17afe865874f71f6d702be82a038e68fe6a2139ffee52f520f586596767a01d9 |
| SHA512 | 4332e77ccf63783e48b2eef43b10ddfce6be12452746200d991011628344f91e062e427acf9149f3b88864bbd44340197ad962a67e3a8faca388d04c7b483afc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 62e5aef005d7025d27bdaf919f6faab1 |
| SHA1 | 9f24dd45b26a34b79e040d0c7d41b763ccece7da |
| SHA256 | 75246489d733fdacd390cb4d176cb59bbe97a91e45991dbc43942766463909c9 |
| SHA512 | 66ea3e38fca63ad453ae8cb49816f462d197e379a7a9a23b90f524e4f2753d9f15a8bd48863cfeb175dc8c31383302a91c977041d3ff02f8afa30086d566447d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:38
Reported
2024-06-13 13:41
Platform
win10v2004-20240226-en
Max time kernel
142s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d470d7b70c885e8c0dbd1e33b08589_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4768 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5032 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3716 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5404 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5732 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.thejo.win | udp |
| US | 8.8.8.8:53 | www.thejo.win | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | www.thejo.win | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | industry.fx168.com | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | service.fx168.com | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 163.181.154.236:445 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.40:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 188.108.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 40.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 163.181.154.238:445 | js.users.51.la | tcp |
| US | 163.181.154.232:445 | js.users.51.la | tcp |
| US | 163.181.154.235:445 | js.users.51.la | tcp |
| US | 163.181.154.237:445 | js.users.51.la | tcp |
| US | 163.181.154.233:445 | js.users.51.la | tcp |
| US | 163.181.154.234:445 | js.users.51.la | tcp |
| US | 163.181.154.231:445 | js.users.51.la | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | forex.fx168.com | udp |
| US | 8.8.8.8:53 | forex.fx168.com | udp |
| US | 8.8.8.8:53 | oil.fx168.com | udp |
| US | 8.8.8.8:53 | oil.fx168.com | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 8.8.8.8:53 | news.fx168.com | udp |
| US | 8.8.8.8:53 | 24k99.fx168.com | udp |
| US | 8.8.8.8:53 | 24k99.fx168.com | udp |
| US | 8.8.8.8:53 | forex.fx168.com | udp |
| US | 8.8.8.8:53 | oil.fx168.com | udp |
| US | 8.8.8.8:53 | 24k99.fx168.com | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.users.51.la | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| US | 8.8.8.8:53 | images.fx168.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.202:443 | tcp | |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| BE | 88.221.83.203:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 203.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| BE | 2.17.107.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.173.189.20.in-addr.arpa | udp |