Analysis Overview
SHA256
caeb43d4c9ff995348b801abe9fda910cfec45de4f6ab5d523947a43a27a2e95
Threat Level: No (potentially) malicious behavior was detected
The file a5d5dad5cc9a42b66655eebf6519bf59_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 13:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:42
Platform
win7-20240220-en
Max time kernel
146s
Max time network
147s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082fbf4556e66d04cb318b7c341007e230000000002000000000010660000000100002000000081dfcf73f6283f1150cffc0f9f94239b538e1e459aedf6ec58901bb7c0702f4d000000000e8000000002000020000000c0b22b6638d25bb14f5d4d111553c5ef7d52e8f5fa5655c7aba8ac3a2f2855f72000000066701d6bab8d675c99996dc69b69d23120cd75e3e862d743a9bc8e5fc716341d40000000d56b7a13525af589d2b9bddf8d91449a3f78a6cb3eb5ddfda5d39afbd9cd7748ece52d60131d1d889ca9210cea9060613c47e3e41a69a0ace6fcc99be738b181 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02d596797bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{799164A1-298A-11EF-8CD1-FA3492730900} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447887" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082fbf4556e66d04cb318b7c341007e2300000000020000000000106600000001000020000000c2f19a9821ade4c2585e6fa46288ed17f5e238f06fd5c07ce192725bb9f340cc000000000e800000000200002000000093bf12689823a89cc7051db5f3de07543490d915798fd1a8fc8c10890c87edb890000000449499d62320cf6fb6da09d30539dd8bf20bc706c4ed7052f24cacafa607cf258bb086fe0c66e7f5b29554ab533c96a048feffc52ef62b388d744f5c51cfc30a890cff718fcebabb9089e85acf59162b1c13d08d4d1af3199eb428979ff11e352b8ec3014a88ba62594af438a6f1c5e6d36b24a1c888e01275634c828e2b11266ae4a1b4a9ff4ca9395a147e71bc0fef40000000823f2d7e9b31f849d8572fe38ef68d76e8d11045daf0e107915274a03f2d7825c1d2cd57447ba038986a739aacfa5c20a0c8c603332f24a77910699d13e8069e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
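Three rows of the table above carry binary data rather than readable settings: `NewTabPage\LastProcessed`, `Main\Window_Placement` and the two long `NewTabPage` values (`DecayDateQueue`, `MFV`). The decoder below is an added example, not code from the report or from the sandbox vendor; the hex strings are copied verbatim from the table. It uses three documented layouts: FILETIME (100 ns ticks since 1601, MS-DTYP), WINDOWPLACEMENT (winuser.h) and the CryptProtectData output blob whose field order is the one published by the mimikatz and dpapick projects. The blob's provider GUID and ALG_ID constants are the well-known wincrypt.h values.

```python
"""Decode the binary registry values reported under the IE TabbedBrowsing and
Main keys.  Added example; hex strings are copied from the signature table."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# TabbedBrowsing\NewTabPage\LastProcessed: 8-byte little-endian FILETIME
LAST_PROCESSED = bytes.fromhex("e02d596797bdda01")

# Main\Window_Placement: 44-byte WINDOWPLACEMENT structure
WINDOW_PLACEMENT = bytes.fromhex(
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000")

# TabbedBrowsing\NewTabPage\DecayDateQueue, split here along the blob's fields
DECAY_DATE_QUEUE = bytes.fromhex(
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"   # version 1, provider GUID
    "01000000" "82fbf4556e66d04cb318b7c341007e23"   # master key version, master key GUID
    "00000000" "02000000" "0000"                    # flags, description (empty UTF-16 string)
    "10660000" "00010000"                           # algCrypt, key length in bits
    "20000000" "81dfcf73f6283f1150cffc0f9f94239b538e1e459aedf6ec58901bb7c0702f4d"  # salt
    "00000000"                                      # "strong" field length (unused)
    "0e800000" "00020000"                           # algHash, hash length in bits
    "20000000" "c0b22b6638d25bb14f5d4d111553c5ef7d52e8f5fa5655c7aba8ac3a2f2855f7"  # HMAC key
    "20000000" "66701d6bab8d675c99996dc69b69d23120cd75e3e862d743a9bc8e5fc716341d"  # ciphertext
    "40000000" "d56b7a13525af589d2b9bddf8d91449a3f78a6cb3eb5ddfda5d39afbd9cd7748"
               "ece52d60131d1d889ca9210cea9060613c47e3e41a69a0ace6fcc99be738b181")  # signature

DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")  # present in every CryptProtectData blob
ALG_NAMES = {0x6610: "CALG_AES_256", 0x6603: "CALG_3DES", 0x800E: "CALG_SHA_512", 0x8004: "CALG_SHA1"}
SHOW_CMD = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def filetime_to_datetime(raw: bytes) -> datetime:
    """FILETIME: little-endian count of 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", raw)
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_window_placement(raw: bytes) -> dict:
    """WINDOWPLACEMENT: length, flags, showCmd, ptMin, ptMax, rcNormalPosition."""
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != len(raw):                      # the struct carries its own length
        raise ValueError("WINDOWPLACEMENT length field does not match the data")
    return {"flags": f[1], "showCmd": SHOW_CMD.get(f[2], f[2]),
            "ptMinPosition": f[3:5], "ptMaxPosition": f[5:7], "rcNormalPosition": f[7:11]}


class _Cursor:
    """Sequential little-endian reader with bounds checks."""
    def __init__(self, data: bytes):
        self.data, self.off = data, 0

    def take(self, n: int) -> bytes:
        if self.off + n > len(self.data):
            raise ValueError("blob truncated")
        chunk = self.data[self.off:self.off + n]
        self.off += n
        return chunk

    def u32(self) -> int:
        return struct.unpack("<I", self.take(4))[0]

    def guid(self) -> uuid.UUID:
        return uuid.UUID(bytes_le=self.take(16))

    def sized(self) -> bytes:                 # DWORD length followed by that many bytes
        return self.take(self.u32())


def parse_dpapi_blob(raw: bytes) -> dict:
    """Walk a CryptProtectData blob header.  Returns metadata only: the ciphertext
    is recoverable only with the user's master key file named by master_key."""
    c = _Cursor(raw)
    if c.u32() != 1 or c.guid() != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob (version/provider GUID mismatch)")
    mk_version, master_key, flags = c.u32(), c.guid(), c.u32()
    description = c.sized().decode("utf-16-le").rstrip("\x00")
    alg_crypt, key_bits = c.u32(), c.u32()
    salt = c.sized()
    c.sized()                                 # "strong" field, empty in practice
    alg_hash, hash_bits = c.u32(), c.u32()
    hmac_key, data, sign = c.sized(), c.sized(), c.sized()
    if c.off != len(raw):
        raise ValueError("trailing bytes after signature")
    return {"master_key": master_key, "flags": flags, "description": description,
            "alg_crypt": ALG_NAMES.get(alg_crypt, hex(alg_crypt)), "key_bits": key_bits,
            "alg_hash": ALG_NAMES.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt_len": len(salt), "hmac_key_len": len(hmac_key),
            "data_len": len(data), "sign_len": len(sign)}


if __name__ == "__main__":
    print("LastProcessed   :", filetime_to_datetime(LAST_PROCESSED).isoformat())
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT))
    print("DecayDateQueue  :", parse_dpapi_blob(DECAY_DATE_QUEUE))
```

What the decoding tells the analyst: `LastProcessed` is 2024-06-13 13:41:33 UTC, inside the Submitted/Reported window of this detonation, so it is a timestamp IE wrote during the run and not something carried in from the sample. `Window_Placement` says the IE window was shown maximized (showCmd 3) with a normal rectangle of (36, 36)-(1194, 649). `DecayDateQueue` is a standard DPAPI blob (AES-256, SHA-512 HMAC) tied to master key 55f4fb82-666e-4cd0-b318-b7c341007e23; the `MFV` value starts with the same provider and master key GUID bytes and parses with the same function, differing only in its 144-byte ciphertext. Both are IE's own encrypted new-tab-page state, which is consistent with the "Modifies Internet Explorer settings" signature being first-run housekeeping rather than a persistence change.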
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2200 wrote to memory of 2364 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2364 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2364 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2200 wrote to memory of 2364 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d5dad5cc9a42b66655eebf6519bf59_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
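The four "PID 2200 wrote to memory of 2364" rows and the `SetWindowsHookEx` rows are what Internet Explorer's frame/tab split looks like to a sandbox: the 64-bit frame process launches a 32-bit tab process whose command line names the frame's PID in `SCODEF:2200`, and then writes into it during startup. The report lists no PIDs for its processes, so 2364 (the tab) is known only from the signature. The script below is an added example, not code from the report: it ties each WriteProcessMemory row to the SCODEF parent on the tab command lines and labels a write "expected" only when an IE frame PID writes into another IE image. The first rows are copied from the tables above; the last row is constructed (not in the report) to show a write the rule would send for review.

```python
"""Tag WriteProcessMemory rows from a sandbox report as IE frame-to-tab handoff
or as cross-process writes worth reviewing.  Added example, not report code."""
import re

# (image path, command line) as listed under Processes for behavioral1
PROCESSES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r"C:\Users\Admin\AppData\Local\Temp\a5d5dad5cc9a42b66655eebf6519bf59_JaffaCakes118.html"),
    (r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2'),
]

# (description, source image, target image) from the WriteProcessMemory table;
# the report lists this row four times.
IE_ROW = ("PID 2200 wrote to memory of 2364",
          r"C:\Program Files\Internet Explorer\iexplore.exe",
          r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE")
# Constructed row, NOT in the report: the same frame PID writing into a non-IE image.
CONSTRUCTED_ROW = ("PID 2200 wrote to memory of 3100",
                   r"C:\Program Files\Internet Explorer\iexplore.exe",
                   r"C:\Windows\System32\notepad.exe")
WPM_ROWS = [IE_ROW] * 4 + [CONSTRUCTED_ROW]

IE_BINARY = "iexplore.exe"
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")            # frame PID on an IE tab command line
WPM_DESC = re.compile(r"^PID (\d+) wrote to memory of (\d+)$")


def image_name(path: str) -> str:
    """Case-insensitive file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def frame_pids(processes) -> set:
    """Frame PIDs referenced by SCODEF on IE tab command lines."""
    pids = set()
    for image, cmdline in processes:
        m = SCODEF.search(cmdline)
        if m and image_name(image) == IE_BINARY:
            pids.add(int(m.group(1)))
    return pids


def classify(row, frames: set) -> tuple:
    """('expected' | 'review', human-readable reason) for one signature row."""
    desc, src_image, dst_image = row
    m = WPM_DESC.match(desc)
    if not m:
        raise ValueError(f"unrecognised description: {desc!r}")
    src, dst = int(m.group(1)), int(m.group(2))
    ie_to_ie = image_name(src_image) == IE_BINARY and image_name(dst_image) == IE_BINARY
    if ie_to_ie and src in frames:
        return ("expected", f"IE frame {src} -> tab {dst}")
    return ("review", f"{image_name(src_image)} ({src}) -> {image_name(dst_image)} ({dst})")


def triage(rows, processes) -> dict:
    """Collapse identical rows and tag each distinct write: row -> (verdict, count)."""
    frames = frame_pids(processes)
    counts = {}
    for row in rows:
        counts[row] = counts.get(row, 0) + 1
    return {row: (classify(row, frames), n) for row, n in counts.items()}


if __name__ == "__main__":
    for row, (verdict, n) in triage(WPM_ROWS, PROCESSES).items():
        print(f"{n}x {row[0]}: {verdict[0]} ({verdict[1]})")
```

The rule is deliberately narrow: it does not whitelist every write by iexplore.exe, only writes from a PID that a tab process names as its SCODEF parent and whose target is also an IE image. A write from the same frame PID into any other binary, as in the constructed row, is left for the analyst.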
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 95.163.52.67:80 | dd.cb.b0.a1.top.list.ru | tcp |
| RU | 88.212.202.52:443 | counter.yadro.ru | tcp |
| US | 8.8.8.8:53 | top-fwz1.mail.ru | udp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| RU | 90.156.132.125:443 | masterhost.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar108B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f8ec9c7a0825e469491d146daa1d960 |
| SHA1 | 7b83d7db0af96ad5127ba7986cc4b95e250023d0 |
| SHA256 | 52cb5fd940637b8508862d840563ce815e6c5afeb3106f6dc530e0ec28f0b6bd |
| SHA512 | 8eda545ff19c188dab3414de9bd83f59d4da2ab65eab8ba818a3edc714100d18e4143aba40acfb23e98c58528f1ef23a271ad26bd6d5f5d556eb9c7db25a6dd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e2ccbd9a9782ab54b455b9cb35de5b7 |
| SHA1 | 5beea9aa38ae0383aefd25c6b8d912b69381f752 |
| SHA256 | 0c897eddf6051efe35c31b84cf1485ac054518c9c554fdeea004d59a484841dd |
| SHA512 | c2e671d989bfbd45c9c442399e77af8e5b2fe4e94052a7a04eeb8b80c0e8731c04a2a5ff8aa2454a5390a0f3b4552ac0dba56116fc0a0d7ed892b780a61babbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 7f69c6bc60750ae35a4683f1e9d10976 |
| SHA1 | e30a064a3b0b483b9b1c5056cec3caba74f585b0 |
| SHA256 | 9308808a6e7afb63e583bf81454a74606c7eed4b792892e08938f2453096e649 |
| SHA512 | 92696a869af35c8e871325f8c9bd39d7692150d36111afb70fac76de029cd3a33cb9f3121d1ac8120b678c5c5507b6bf444416fcc700130536e933c3379e7031 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ce1707d9fbaf8e2d8f865b210aafdc6e |
| SHA1 | 758adf21ee02259cb72b635b809a7865a00bd608 |
| SHA256 | 1b73571245427a259913d2da83618d0dbd321524be08344b632fe2ca22463aac |
| SHA512 | 50bea8941f49d4772e6dbe99d007f762779b6c910bce53fa8ca05ee72f308e295bd41f600115ac22d13fe272d6921ca5fce126667dd8fdc3825e8c4e8d1cb937 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 25904c49f09a021cb7511461ba3a42ac |
| SHA1 | 5f5ee6cb62163d5b21272c2cd7ed80a700abc899 |
| SHA256 | 9028188c14263eb95123cd1326a2cd2850518d97faedcdc28d623df4a1d91cd3 |
| SHA512 | ccfd2ad9fe567cfbd6f542a145f54db8a9e707d047ec9542d24131e2f607489cab917c40782bcbfe2369f80b32aa0f2d4c868d5d33ed2022797a303c15a7115d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d2e6c9f249f8bbc18da2f82e6cfe89a |
| SHA1 | a20a122231805396e2d1b3c4da1be1ac7bb3f734 |
| SHA256 | ea802bc54e93f1dd8b160d1ec3af38b18c16fe151a8f38e88411af986d966077 |
| SHA512 | 6a6e44418cb9e1fa24d0081b93a34180bf9ea6a28295c7296acd33a8bd406e13379ee57d7159b075725392f2125682d6331cf3678d59f4fb777f208871c9a6b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c027b9dc9a8a63b1479a058a6101664f |
| SHA1 | 77e1f407dabd52263e7d6254ec9fda7e464e3b1e |
| SHA256 | bf5d31651fcc0e4986c0edb1449466df1ad32625afc8bf5ee723f56467af6a02 |
| SHA512 | fc1ef1e1e28d4e283662872d5a4272a23ec93143c69c09870703a68e98d9c7d7ef0878e1a417ace0310c856aefa5cc89411c11ed8c79795a0c9faf418dc50cda |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 965f299c0752d5ca61fcd441f4a39c56 |
| SHA1 | 2c3e1759abc8c510751c620a9a2d0b897ed1dec1 |
| SHA256 | 6dd1d360d1a4fab07620c76c46bc7edcfd0643adff7b98db6767138fe7d56c66 |
| SHA512 | b3a7669e973ae2f1a442d119f08fc8cd83c7166d04d328dcdb0dc4a5b677098af4fb899cc73dcaa3b5d519cc36347c5b097213c2da4788bd629d48fbdc30a92c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f27f9ad90492450ed0735d020ccdb0e4 |
| SHA1 | f11fa1d4da2d1c96f32d0d60cbfefadd03c0f374 |
| SHA256 | 7dcfa0e9a7fa048fd62e6049824f365d83f1a5ba3fbafa74d45fe08c1f4ca984 |
| SHA512 | ac03287813b434eb799572893b3c8cba8345b215784d2f29c625aa67e48298879088ce04555540fa0700def45ad73f9a0c5db27778a945d601d6c449a9508032 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7572cfd1bb15700666e44696fab03060 |
| SHA1 | 40f9da42bb048e96bf20e1b87e2e7bfd7665fefc |
| SHA256 | 75603a01c6ddd7905390a258019951df01d972ac6610315cfb6eab1244945aed |
| SHA512 | f7d56d3b90faf9dc7a09aa20e7671d1c84472144f3ffb1396f776d485570af89687418290505f455a51a284952a44d724f638bb2887a4846ac390d6ddd631603 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | abc6e3b8da7018b998a2d613c3e7b58b |
| SHA1 | 95a49dce867224b0ebfd8e6544c17e7c2ab7bba7 |
| SHA256 | cf9e0df0614024e4c2128f4d97066047a035e340550c0095fc5fd1a743147be4 |
| SHA512 | 4dc8aac5e97c37face08cfad5fdeeed68f45d5b96ff66b83b1290ebdf63ae51725528a6510bb041e83a0227aede05eabf6c85a50133e83636c3ffca72c2c9336 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8cf2a54bbc74ece50fbdaad16d2c91d8 |
| SHA1 | e094cff7acee7051515d86296956d96373e9b9ac |
| SHA256 | 6e5299b358ff34b934cf9d6e3cac30027fccd5df4ec63b159c2889c645242f5d |
| SHA512 | ed2ce2f81a2c326b487a06fdb6062b9f5c399e0b81ceb8087878461395599f1ad8e6a8234b2999eaa6ae75c06b49fa5df60e98bad09a224ec93309b7388194b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a96c4c6dada59b995e2ffd176bbd0f28 |
| SHA1 | 248dbafd7c41778ac3887c25f771e3b4627f8f4f |
| SHA256 | e4c0c3a63a91bd481214ccefb4f0bd669cd8e29f67e95cbec3b2df54ac9d0a99 |
| SHA512 | ef2e223a9203e2728c698f015b4ff7892d15935acd3d47ad10dffcc2ddd43b6652434619658f773c047d70362ea92657697d41c899c9269f2b33d462c35b8de4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aaf4919b38f464486b545f36afd24771 |
| SHA1 | 5925714a31e8c456aabdfa8908d8a3681911a520 |
| SHA256 | 90438734189a9ff9ae562f0b175ae59c8e94f924548b35940c1988089a76f080 |
| SHA512 | 445a7b0a367fddda2d9c3378ea8b3bf5e42abd254fb91ebb7085337ea5af2786bf6b4e5c2e9454f0fb30767f12caaea55c385ed38357b0d0f1b181bd5e6cff61 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 329c691337b9b3f9e34e50efa5eeb72d |
| SHA1 | 4f3061553fab435ebd2ca5ba2423d02c92abf69f |
| SHA256 | a1bcc796fcbe0484e1534a7973dfb8701e4ac6921cd19f59576b5c6b739eb2cd |
| SHA512 | c97ff97cefc4700092317e04f3434da5019b3a6fe1e92e651fe7966390dfbd15ff3cd15839094f4815080d4f4ddc22cfcae7b8a76913ccd1726a250ff06b37b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b5eb5b686cb346615d548d778aaf073 |
| SHA1 | 60259371990d1169471ac5810feffde84aae4567 |
| SHA256 | 4f6153d88aba00a6b0d05bf6b4e5b1a865c8590d0b5407fc76ea3709b81f0c91 |
| SHA512 | 01b035ac77dbeffbcd85c74960839023d7d67646b3ec6257919b385874b4ced7624e4835b30335ac288fb144311ab3f1db8406ede0283f6956ec62477fdec1be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea88eb45215269b2a32d4d4705491486 |
| SHA1 | efa750e46e88c6cea5f31cb3d03e705dcfd63df1 |
| SHA256 | 37aa29cad4750c6b49060e9dac2ad2456fd077d3f9373c053099f2fd07640381 |
| SHA512 | d3d0cda3a66bd852ca0747fdf926d5a635d9858a57d14ed533094fd233b6f2a35132f62810010e164f3cb59dc2606e3347663af8046480328e0dd01c21400ec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b75d217d891369b4998c3f781a55775e |
| SHA1 | 80aa4e2fcaca294be1141c706b6ed469e0e16282 |
| SHA256 | 1b607d3d8f754ca15d6347fe38e8b8554ab1dc92b86e936b0cc7a680132c4739 |
| SHA512 | bcd0f8060a9722cc9b9eeacbe2a469aba84864cfb06dbaeebb294b07864614fdb77dbfbe86cc5b99e2034fcbc7a021a378117e271fb22ed4adba744e03b64e19 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eef2faf726808831b3f7a416ddc0a3a |
| SHA1 | 996888d78f9e372d94ff5a92ca612f59ab030800 |
| SHA256 | 3b44188d15745f96a75d2c5bf8448e22e0768c2dff22417995410124c89e2c5e |
| SHA512 | 00f71fb6e186d63b922735c4f002e82ca953231b768293614ce993e200fe284ebacbd18812c0af814eec7d8da449009e8d3247c0504778c7dca0cea35d5069be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90f8202ed947019df8bdbd59a43859f2 |
| SHA1 | cfc8f04e1d4ce4a9552a42337b4e5a27c754f17c |
| SHA256 | 3740c331c276747553e6278ce195b815e9463c8c99adfb776c4662a0385b1cae |
| SHA512 | 5c381d80bb790042952505183db374ed6b7a204953ee17402b4cd63d1f08d07b636f71c8c1acc3972b6c22c034df9ee5370824776ac4ab0f4787dd2f0c1c0661 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecdd52a47142b1f031436e578b590d1b |
| SHA1 | bd4fe4a17cd10562728e43968b4b7199526b54a0 |
| SHA256 | 464648595e53b0aff8554b46d9270e952e2982e6bf96baa156af7aadbf8380a1 |
| SHA512 | f373f3a03c8b108a56332a482891776b3eed97cb36d2c29b13dd4c2d7738c881c59483d1a7fe22254d135bf24cf254f31f82b59ee260058894c3dc7188308d87 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 13:40
Reported
2024-06-13 13:42
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
151s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d5dad5cc9a42b66655eebf6519bf59_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4168,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3784,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5292,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5440,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5812,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6056,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5672,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6392,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | ads.serveuser.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| US | 8.8.8.8:53 | dd.cb.b0.a1.top.list.ru | udp |
| US | 8.8.8.8:53 | counter.yadro.ru | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 239.249.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
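Both Network tables mix three things: DNS queries to the sandbox resolver (8.8.8.8 / 8.8.4.4), the browser's own background traffic (SmartScreen, ieonline.microsoft.com, Edge offers, NEL reporting, the Google connectivity check) and the hosts the HTML page itself requests (razgovorchik.ru, masterhost.ru and a set of Russian hit counters and ad servers). The win10 run never gets past DNS for the page hosts, so only the win7 table yields IP:port pairs. The script below is an added example, not code from the report: it parses the table rows, drops mDNS and reverse lookups, keeps DNS-only names separate from actual connections, and lists the page-driven hosts with the endpoints they resolved to. SAMPLE_ROWS is a subset of rows copied from the two tables (including the mDNS row, whose Domain column is empty). The background suffix list is an assumption about which names belong to the sandbox browser rather than the page.

```python
"""Reduce sandbox Network tables to the hosts the detonated page reaches for.
Added example, not report code; SAMPLE_ROWS is copied from the tables above."""
import re
from collections import defaultdict

SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | razgovorchik.ru | udp |
| US | 8.8.8.8:53 | masterhost.ru | udp |
| RU | 90.156.132.125:80 | masterhost.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 31.31.205.163:80 | razgovorchik.ru | tcp |
| RU | 88.212.202.52:80 | counter.yadro.ru | tcp |
| MU | 41.212.227.208:80 | ads.serveuser.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| RU | 95.163.52.67:443 | top-fwz1.mail.ru | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | bs.yandex.ru | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
"""

ROW = re.compile(r"^\|(.*)\|$")
RESOLVERS = {"8.8.8.8", "8.8.4.4"}
# Assumption: these suffixes are the sandbox browser's telemetry and connectivity
# checks (SmartScreen, IE online services, Edge, NEL reports, Google reachability).
BACKGROUND_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net", "google.com")


def parse_rows(table: str) -> list:
    """One dict per data row; tolerates the mDNS row whose Domain cell is empty."""
    events = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cells = [c.strip() for c in m.group(1).split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        cc, dst, domain, proto = cells
        if proto == "" and domain in ("udp", "tcp"):   # Domain column missing, Proto shifted left
            domain, proto = "", domain
        ip, _, port = dst.rpartition(":")
        events.append({"cc": cc, "ip": ip, "port": int(port), "domain": domain, "proto": proto})
    return events


def is_background(domain: str) -> bool:
    """Exact or subdomain match against the background suffix list."""
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def triage(table: str) -> dict:
    """Split names into page-driven vs background, and DNS-only vs connected."""
    queried, connections = set(), defaultdict(set)
    for ev in parse_rows(table):
        d = ev["domain"]
        if not d or d.endswith(".in-addr.arpa") or ev["ip"].startswith("224.0.0."):
            continue                        # mDNS and reverse lookups carry no indicator value
        if ev["port"] == 53 and ev["ip"] in RESOLVERS:
            queried.add(d)                  # a resolver query only proves the name was looked up
        else:
            connections[d].add((ev["ip"], ev["port"], ev["proto"], ev["cc"]))
    seen = queried | set(connections)
    page = sorted(d for d in seen if not is_background(d))
    return {
        "page_hosts": page,
        "connections": {d: sorted(connections[d]) for d in page if d in connections},
        "resolved_only": [d for d in page if d not in connections],
        "background": sorted(d for d in seen if is_background(d)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for host in result["page_hosts"]:
        print(host, result["connections"].get(host, "(DNS only)"))
    print("background:", result["background"])
```

Run against the full tables, the same function gives the indicator set a detection engineer would actually block or hunt for: the two content hosts and the counter/ad domains with their IPs from the win7 run, with the Microsoft, Bing, NEL and Google names filtered out as sandbox noise rather than attributed to the sample.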