Analysis Overview
SHA256
d049498c405d84f0170636e44b2e04032a40a431aad8615f67c3111388c9a483
Threat Level: No (potentially) malicious behavior was detected
The file a5ed5d2ff6743d6c6e46670c4925ff94_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win7-20231129-en
Max time kernel
139s
Max time network
141s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BE6B0921-298D-11EF-888E-CA4C2FB69A12} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90a73c939abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000097c16cb72775654aa46ab6d1b248495a000000000200000000001066000000010000200000005c04918349e024608fb2607b0c6346e9ca7a523b3142bd031a8ea4eccd0d6964000000000e8000000002000020000000b090eb077979b74c26ee0ca10142f1f978bd6751b18a01cc55a4091ea1420bbd20000000b15000021f93f5723a4417a013826ed82234a4630798adce61582c3deab20b7740000000de9bcc42fa45fdf6d7032436dbab9fe6fed41441f2051756510a6fb457f50ce2a28a135c4e4980571aefb983a7dc1955f288c5756fddb3e486f5ba0819a43628 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449290" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1160 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1160 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1160 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1160 wrote to memory of 1992 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ed5d2ff6743d6c6e46670c4925ff94_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1160 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.72:80 | www.bing.com | tcp |
| NL | 23.62.61.72:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar305A.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 525d2930474b9ada4479d2dcaeed4e9a |
| SHA1 | e485780ed4f9f2dded1bd05618f9d143ce50f3f3 |
| SHA256 | 38305017fa7522bd6d677ded4633383d5b197aaa87529a57a74158101fedc339 |
| SHA512 | 99957cd784c1ee0bea2b0506c761b8f03b585552eed1cea29785e4efe9e0dedd5238bdf05337af091e16bcdd937e24cf9aa716c396befa18c2dce3423ec416fe |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 64787b49c63d2612ad9e41dcd939129e |
| SHA1 | c4b9c30d6aee866449ad2043b3628577e78dc67a |
| SHA256 | bd3c2b842772bac7bf83870e9246280c38216e43e3cfe313940d35f4ec942956 |
| SHA512 | 5d38ec661ebaad0e4806c3b5a17c83ffe55b0aedd6dda7d8c4b39dab66cb26d79d72371d1df43acb80fae35727a3b1b320d59d15ab56821cabaca2f55aecd3b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ea6770f4b7ec5739d797df8bd64ae64e |
| SHA1 | a0e0159e236c8bb8c3d5fb1b1cae13ab242f38fc |
| SHA256 | d1e48f3d20a69d6e1c491a09537cd46cd3bfae1db99f04c9604134451f265d57 |
| SHA512 | 88f2c6f727dc7d5f53acb82bd3e87796245884f1142136d6629c56f5e5f49a0b4a63b86145659594029d28295d30636a335d407e2960308cf005a4d75759e7ed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3343d88e44317d734f20fb7c843871d |
| SHA1 | ac9722811cd7abe7206476a527d7151acfe8255b |
| SHA256 | 02be095dccbedea6efc3651d4fd93e3236451dd9ce71467028ab317b01b9aba8 |
| SHA512 | c245f8e3158cb3b032c8d0944cbaffeb42e9673edfa86cdb66c3eef2805759ae2b43a26e1129a88853aa0c755411e86d3fd6210535f13f0544c68b0da697260a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c006ecf4c161f86393da45b6fc7203e |
| SHA1 | 178599361703964dae7183eaef115c68cbefadae |
| SHA256 | 2c207e5f1ced406de15cb0bf8bb26ead9644903ed07d9bf305560f4272660324 |
| SHA512 | 479c7cefd59f4abcd0a0e22001eed356c3b8d17c4e209fbc5948ce9b597a42ef4c4a37f87aceef187038f2a62cf20ba6a65229532f61409f4efeb0aa7ad72a40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc6d646a441b7c400f04f82ce009e720 |
| SHA1 | be2cef082504b21cb66276feec25d215a5fab2e4 |
| SHA256 | 26c67306aa683a30aad231cf7d91475ed28796602e1e4b2f085f98547c897261 |
| SHA512 | 698f7b8e5907286c1007a83e00c755ceddeab1ac6d078bc414a2b7207e9ebed0772f532af43ba2f20393d7adbf24f003db2e18c24d2d0f7c11ebc0f7498ebe1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24603f87025bbd1dc76e48f3b66ec6c1 |
| SHA1 | 9410758cecd1136791f20a0991c4833df625ef9d |
| SHA256 | 3f3c527210f71c165a16d41b870e11231f3c0ee97424fdb9e125a310ca0c54d1 |
| SHA512 | 4bd96dd55bf34e2a83526616fe9dfbf021c8bd94780dc24d538017dd429f354375200ed19a08af04323daa93bda99431fd6c314e8db1c569af81bbc67cf4205d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f6181780b067db50bd1ed584c275351 |
| SHA1 | a6dd9e51b8a7a2ff858fc29874083669dc32b752 |
| SHA256 | a1ba9d6a0039baf0e200e8890451adfab15f190b43e698f8d6023c0f9807caa9 |
| SHA512 | b59ff865677a4ed553dadc4f57e98f81e8b9496557a811e38f4f8655fbb1a2a57707f588e9b01fd318f8bc4bc46ad34338c6787b9427578a02b12d768119b1b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 4e61df184e5e71418716f95603e90e83 |
| SHA1 | 05637c5ff48e6ecb060d8fe5f4e525a3393f27e0 |
| SHA256 | 16c4e7066c1dac9527ed0f93a431d65985f0da1c6213c8ef3e6b20f3b89a8373 |
| SHA512 | cf92e5c45687accf5fa2913119e219a871acbbe7febe6927ccd1d54951c8700c4948b58bf652c6ea60551d4e46980ce5a2cbd8442413e8bf219b96c8d6808de3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 63ae969ff4c096bec68e00693591bd1d |
| SHA1 | ef117036c1ca7a3da75d8a394d7816aa11737f47 |
| SHA256 | 7067643e88d7851981a2d183a920daf03c57fb94accf663b190e03c940084842 |
| SHA512 | ff6d77fcf28d4e7d8a85b3ca8a066643e0f309e60ac5030c943a8bb47fab39d7f0b3c37ceac4c66498f3e4b990c6d2e924b05aafe3e34f5e468ae97929b8cb44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5daa760000d837d452340b6854ef5e62 |
| SHA1 | 44a33c77e6bfd4fa2075dd4b28eaa0fa47e20246 |
| SHA256 | 54b3f6f0c858eb0668a122abceaab410b222ec0407d9890bcdc66203cff4bd32 |
| SHA512 | e2d78ef3be75350f3ce90c9d32c012f230963b3a9eaab352d3f75af00736f52c54375073887955ec8bab87eb6cd411ab7646ff2ccab6a17bea495c7bed23243c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5004e85a79e0ab64406b4278b946b0a2 |
| SHA1 | 20405ba9bbd92dfcc80a3ec2154893f0eb81510c |
| SHA256 | 02bdbf2b9feeb6e39c048ca19ee30e2d0859ef3747f3f20bbc435128a2e6c991 |
| SHA512 | ebd545882d616fb345f9b9e99dd1030324ed3443f1ad42a54244145fc874e01c9af8b4191de29ce1eb058f3c4e8ff780ba8542266dcbbdf3a0b644060920fefd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cafe029eaa05b0e8e343c458383d3e6 |
| SHA1 | 628a82cf07275f4ae01186e3ca9d511c9a5cfad6 |
| SHA256 | eb4a41d203178be883d15a205370aeffd7e3d608716ad5e7ae64ab93721afd62 |
| SHA512 | ad7a00069f728e124bf96f9140064af7c63664a47a4a43f0fd2383e36b70be05e1c420808a485ad4fd0eff3c313f55a06931edbd67f1896bfce9a8b5fd7c2552 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ab37f267d25f6ace121a9eb079f970b |
| SHA1 | 12c690bf25ffe9d119d153585dd33e1547ca87a7 |
| SHA256 | baa060426620aaab2644b6b1838f6eb4ec37df39dfd46bf297ef2f6fc013e87e |
| SHA512 | e6b13d0b94be54b68a202975a3208af73a7b0b7d4b3866f646e05faffd9aedc5650254c8943d6dea30514691f3f9e85cf1fc9ee97be9b0ae2fc7baff36610262 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8bd9d21cf8ee9d2d1b4124cd31d4e0bc |
| SHA1 | e73f98eec3cf98b9a91956448d9e2effdfc40751 |
| SHA256 | cee8597281adf874845fe9c6dd3b1c779f7ecf2c81a7da549fbd758f703c23e6 |
| SHA512 | 8e23c03465600db9560ed166d417c72b3646ddc174d7a8a3514630e757c86bd27e7979b92f0d2cd89b57d8271e373f81ab412ecfd194b550697f908b170aae2b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e5eb48ab30496f90010687871e6571a |
| SHA1 | 56e4cee056712720312d2b9baab0cb4fd7e2f822 |
| SHA256 | aa01d11664203a4a940e008073891fdc098e9fffc4a252b2fa1c1ac9415b411a |
| SHA512 | 461522d6e55f76139cb5b7f3186d225d9bd0e95eda5ae1e8a337e624bb227675a9ec59028db0848fa636d2f4ff39b69bce4f75f7d3e928c6d30cdb976da0695b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a7219c601ff03176b240ce2427849ed |
| SHA1 | 5fc5446f96640cfaa4f8633ad1847389bee0eed1 |
| SHA256 | 99bb51455e8801feca1e4f538cdc94482dc1c3372b878dc606ebcc6cc4466fb0 |
| SHA512 | 605b6c03d4e0a02364c37d7f84669ce09b35cfef6865056e592c0e93f0f3a9e15e3d8c5af13155ef6a79bf8adfff88e6acb173c86c8a82440323563aefae6e69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1e7ff0ad0f85fdab564486bdad95627a |
| SHA1 | 4ee7c8e36200ee87a6bafd5f52b0524ca4a3df47 |
| SHA256 | 5c2d8078944a2aab76b9e2444af611106ba2c4773d9c70d26cda7509e0d0e6bc |
| SHA512 | 5718a16e25f21ca3a657a764d826e4b684778cdf33292abca12ddf4b01c243ecc6ca07bf60826011d07caa523befd66f901741d21ecd13781bd37278b9a49e02 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5dfc505fd819eed247b1917f4ccb0a4 |
| SHA1 | f06f541a1ae1be97b064e1e9d18e1ef246599610 |
| SHA256 | 7beba0259e06a8aa0d17052e078aa24b588538bf8c28aa900449e78df735a261 |
| SHA512 | 33d5150f17c203381a69f82902ae3711588e14ef5610c40141303c90b7906371effb11c120693e27448cbe68d97c760b9084131e9972e8101f4216acdf7261b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bd8380442ac819ceeae4cea80326619 |
| SHA1 | eabe4ea6dc41f1a402cc1e73bae6b5e0b1647c03 |
| SHA256 | 5e5b81c473a5ad8acbc41bc71f03cf51f89575e292fb8d417a0c21ce5f85d2d7 |
| SHA512 | b065392ef9d0d592a18039775aa7871509708ba2de219c89696f8382fdb264a2f4fc73f73d5245b3ffc5a1cb5f63764838584472c03e0dee6f59c983ae12014b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe8f2323f9d2457ab2cb4cd355f4ea0b |
| SHA1 | 54f3bfa65c01a1f260ec6be411675283f5446aac |
| SHA256 | be0e3cfa4221418876518dd6887082b49cad06f6dab73752736b4e209c06a2d1 |
| SHA512 | bb8a300af82b84ca35dc984d379e05caf4c6cd6496ddcaff22810ef4e472042e80915eb59e24ae54219cb27b92258703cd9b0dd9f2d1543a6fab915d3ad23836 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61eec0371e66cfacb4683353110efaa0 |
| SHA1 | ee61a59f1c6e703ea7c962c22c81223e341f538a |
| SHA256 | df55eb8858894f5c47b4a7cc05501f8aa5720582035657cd760f22f0534bdc56 |
| SHA512 | 97dfe3fb0a484e659df69a4c2a5d39f8912bafde3609c784297a7a6a9db6137fd15017867769b5e0182ebc7cfacaecb7b7f78f65de3c908ef81a020f863d905d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win10v2004-20240611-en
Max time kernel
128s
Max time network
138s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ed5d2ff6743d6c6e46670c4925ff94_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5004,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=2716,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3868,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5384,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5400,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5996,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5676,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5408,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 8.8.8.8:53 | img.sedoparking.com | udp |
| US | 205.234.175.175:80 | img.sedoparking.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | ww1.iq.mobilix.mobi | udp |
| US | 8.8.8.8:53 | ww1.iq.mobilix.mobi | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| US | 8.8.8.8:53 | sedoparking.com | udp |
| SE | 23.34.233.128:443 | www.microsoft.com | tcp |
| DE | 64.190.63.136:80 | sedoparking.com | tcp |
| NL | 95.211.219.65:80 | ww1.iq.mobilix.mobi | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 131.253.33.237:443 | g.bing.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.233.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.63.190.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.219.211.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| NL | 23.62.61.113:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| NL | 23.62.61.89:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 89.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |