Analysis Overview
SHA256
f5748e2ceef6235c3d457d955f5b244ea2dc8dc8772b26355687c7f9e8ab3b9d
Threat Level: No (potentially) malicious behavior was detected
The file a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-14 01:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win7-20240611-en
Max time kernel
138s
Max time network
137s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02c4aa4f6bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424488833" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ac64d92de9d94f76c9534dcfe760567cbf6ba28d50b628d21588739976efdf00000000000e80000000020000200000008c47367f057fcb28b28be37a755309f49c23d9b61e3c25a9c20dce684814404420000000714303eb9a691f1aefcc112e1c2fbccb47993e5f10a63df21b00ec57c4e3554c400000002bab5d265faec2b6206019405c14085c32ad23f21d9d080b90b13ae76688b1e1e540cf7d7981e4bc77550faf04713c96c6cce1aa560921cefdf7570600354849 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC4799D1-29E9-11EF-9E55-E6415F422194} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2160 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2160 wrote to memory of 2928 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 01:02
Reported
2024-06-14 01:05
Platform
win10v2004-20240226-en
Max time kernel
145s
Max time network
154s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a771a25f6f79009b51a94f671afa7d8d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4840 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5356 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4948 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=2808 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5496 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6080 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6048 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
Network