Analysis Overview
SHA256
ba25bd775d253f74b48368bc5437c3cada55ae887a8effea89d4d981991f949c
Threat Level: No (potentially) malicious behavior was detected
Verdict for a5ed6cb7e18fa0ddabad1839486a2950_JaffaCakes118: no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 14:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win7-20231129-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C02F6DA1-298D-11EF-882F-5E44E0CFDD1C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424449294" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9012b7949abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005b680c0140377d419b25a2af00a00fac000000000200000000001066000000010000200000008d4842ccd0b8a54b662975886d97833cec0c2d0781ed9fa36af178cafa6b1de7000000000e8000000002000020000000ec72eb099998b6f46ed8d55304f45129d6e7cffe1e2252dcaeef40a9f3c7ae8520000000435c963f130df0a203a4287c205eefa00617f6c083c2613708130df887d88a0d40000000dc1f486609e1e2aa062dc7ba7aa89ed068a150a79fe8a0be9ffa87e224612f0f7a5ae69fcb8043a988bd3a43fb7a6d375a80bf1c72cdd8c25d91baa324212caf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2000 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2000 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2000 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2000 wrote to memory of 3068 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5ed6cb7e18fa0ddabad1839486a2950_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.177:80 | www.bing.com | tcp |
| NL | 23.62.61.177:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 14:03
Reported
2024-06-13 14:06
Platform
win10v2004-20240508-en
Max time kernel
133s
Max time network
143s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5ed6cb7e18fa0ddabad1839486a2950_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4464,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3864,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4776,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5332,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5444,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5000,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5872,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
Network