Analysis Overview
SHA256
b76f3e88b32ada7fdf3b9a26bcfd5194e2cf1daf0ff1bc41e453c943c6782f4e
Threat Level: Shows suspicious behavior
The file a7e435c299d9a9c89bb2d2a4817a5157_JaffaCakes118 was found to show suspicious behavior.
Malicious Activity Summary
Mark of the Web detected: This indicates that the page was originally saved or cloned.
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-14 03:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 03:42
Reported
2024-06-14 03:45
Platform
win7-20240221-en
Max time kernel
137s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2953A181-2A00-11EF-9891-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424498433" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a0aa79c9dce5f548ad9c3c71c71ea21800000000020000000000106600000001000020000000e4d9befe70947ed2e8d93b78e7860bf9fd7620caf0367caf1a475ed4a23da157000000000e800000000200002000000052f4758f059d05c5be2fcecbfc9e707604b8bb71501e624f19e72f151ca4fc46900000004b51d6318755695716565d49988b24838be5a355df5ef8d8d6298a894a6b24c3a0f30ba723d9999dce4e9bcdfc22955ddc081b144ef50eccb6ed55328cf28dd59a98869433df4eec455b12d937219160c1c26029e1d88894ab81272609d24a4750a6a28fc5369e31252714a03e8aee7f309a4a34e5f94552045051a4019ea8023eb9d3995d9408b6176b8fe65a412b9a4000000091a1bb1e0732a932ac353c5ad34e5dfb9c6a1e4cadcbd61766dae9401ee1d1499c49dd0a672610da3f799ceea914a1680981e4e60b647f3eafeab617a55e5808 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e8293d0dbeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a0aa79c9dce5f548ad9c3c71c71ea2180000000002000000000010660000000100002000000071120c082a05bc5cac1310af757fdabe248f4912c0e94f8d38560e6635ebbb54000000000e80000000020000200000004d649cd9fd84533b3365cb1b0d30f996780361f78d9bced5cfdf73887b71b5e020000000f7c0327284a8cb5a71ae38342a3dcfa3cc5e04628447ce8bdd9848fff56a0e3840000000f0f240b95ccad0d6fcd29643d9460250d81d3ef175f1f7573e3d975c05faf09dc764fcaabbeaa3de99701a046e22faa90dae5b742b2724a7f6d4047fda41b4ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 880 wrote to memory of 1648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 1648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 1648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 880 wrote to memory of 1648 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7e435c299d9a9c89bb2d2a4817a5157_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:880 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.logozj.com | udp |
| US | 8.8.8.8:53 | float2006.tq.cn | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab255E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar267D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b6e18f36a6815044d9bc8f2339928926 |
| SHA1 | 6743c58cf63dc36fb42d2839efeeb62e047c7e3c |
| SHA256 | 587e68e12667db404b63d7d7626f5b50dadfad6175dd68595e02726ce29a021f |
| SHA512 | 45db6b112d52e166d592eeed6aea24ed25ff82f7bf0410b566b39c4591dc26d5aa94deb8d80adfe2f8f85700100bec0251fdc5f8d6b4b033f993949a7c9d59c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7a24dba93a520dc1978d6f6df8c18eac |
| SHA1 | bb7f7a18b5977c46e37777c6067eace7461aa500 |
| SHA256 | 7ddeddbee48996c1121d10bcd25e4c99cd82cd3afddabad1570bbb4cd3135178 |
| SHA512 | f06d49f650a6a6be94edeb0740015ed283f0b040148d2707a87fad862c69f7c11b298661014d9fd26ceda818f2239dff1057f0b7c9f0f1692b3f73bd2acff1c6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9f72a27539e425203a41ee04f63f058 |
| SHA1 | 91be515c65275a9d0a086374a214c9143c615a79 |
| SHA256 | 58835725999ada696f48be837063488d2c18b8d73eef20aeac616ae66f83775b |
| SHA512 | 27298983b6332c42e69e66ebfb2eba7c25e1796b5e4c1a12b340cfcd6f5628e24f0b1f89dbe213613727234f6ace684f5c780cbaec4e770da297c4404ea7de65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0cba373aa5db7b4975af7ac8a0c3c29b |
| SHA1 | 70a0b0770c80853cb721548fae291904b19c443e |
| SHA256 | 4e742a0e9f7a007767c1a746e1d84063cdfe0812a1261ba4d74a3397171bb293 |
| SHA512 | 4bdd1edced97842a68162a2dfb936f9db9062967c7db9bd89f43dde136101229044cc467974d3b807e0cd495fa2d9a50cd6abd5269dc1c06f010d9611322a98c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2fd3cac52d77e565b0bc206a31f1626f |
| SHA1 | c978399670ed2d461ebc1aed4e34f5ca93739b71 |
| SHA256 | 0fb401b63f3109273cfb9ffbf64c85e9968f06a1a34f481eaa8af1ae0d92ecd2 |
| SHA512 | 2539f78b22cfc601baa68988e87faaf79605fef8138ffa011b2edb579bf7064056867387d169282f371e3b3ec7cc393d1a52365b855a7d54f8b5ad428d96f32e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e8fc02904cb19f0c3f4f8a8a98d8b4c2 |
| SHA1 | ee13e578dec09441a1d144612c92fac588705ecd |
| SHA256 | ac54fae78fbce7da0cd2630b7253e60ab76d5cb6418b3a9919b88a20f6d94a3e |
| SHA512 | 25fe41341faec612c76b9d285490482d6c58b15d41a838317698a7e8756fe5a589da4dae301a5bc038114ce82c65ff65ce6dc8a7e543ed98da42bfdc304d7120 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 16ef60f01cbae0842c607c375a73856c |
| SHA1 | c805388e0fda89c6ab38f107948ab98340612fbe |
| SHA256 | 5cd6238ec830c37b806a94f2650416879a167bd3b6e2b8e6f15a72e5ec4bc2d5 |
| SHA512 | ba65543c4b225bde0f7c9f5bb31511c6524b418573019205c407c52d7dd13d664af1d8234850f0a620d081b91d2d466c18e0a55eeb8efa8d77857a69ecf48b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 41af1d5b1d60cc3fbdcf576bb39647bf |
| SHA1 | f9441d81aac894ee467068ce1c153d664d4c7774 |
| SHA256 | 63f5ef76108cbf2b1257ec631eefda05bce92430862fe24160c858c541597130 |
| SHA512 | f95be5f6046989f45b8557cd1e2b0e9c19ce4bcc092371dc272918ac18cf584d92d2a6be78f75adf9ce88e8fdc9e6930740b0213b0b0b6d560e0031958e33206 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d84b437179245c611598db3afdb85209 |
| SHA1 | 1011203ed891128408fea4a13b3967a7f2c03fca |
| SHA256 | 227a81dfa38d937844f2caed40d6ccb8053c2ac4dba797c8af97111bb41cd6b5 |
| SHA512 | 2ed4842042e555222b80d03e8f21b134369eb6d3cc9292e0ea0dbe88f31fdd65aba7343b6c8c19342136fe85bb7202992ccba2dc6df02df73b2cb8e33bde7f27 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5ef08f3331d78a4a1f507bf7bc3feef7 |
| SHA1 | 3b9a21fd636688df81f00433ce6ad8e9c9f5d4a9 |
| SHA256 | bef3eb7589b0996e2c7ef8e25f24c394f5d7ca4b1863f6a916cfca8b1d02e8f0 |
| SHA512 | ea5bde82c8375296c366dd4d140844e4d1eb65d110bbb05679a5ca68662db8f4180de074d1b0492d5658fbafbf0ed8fea2a82f1e822d599b23b99a9ec6d861c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3358d3382f6cff6feb9419574afab2bd |
| SHA1 | 431782ddab63bb8298aee295cf7ee89dd32c2d94 |
| SHA256 | 3a515d21a22d710230a58ddc6b36f77d0475cd86bde5bcbb69c4a7d7bcaacbf0 |
| SHA512 | 67387206d62b7518772a6592adf9caf14b6e78510126268e31915f19f65b8d93fc99374d2f7c646b4dcb12f2e02e6be80286e0e6c7799f9f9ab3528a20181e76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfa0905ffcdcedbf2d3b9482f10529f4 |
| SHA1 | f1f7ef98de6c673ac675f57abe9132d3d4b2afa6 |
| SHA256 | 003ece2136df9092452cb001dd692ea892d7cbaa2505fb1698b08c5ccdcfe4a1 |
| SHA512 | 1e89933b5c0c696f214747e90ca7d41f183189d7b48565a7528812984aee53487337afedeec3c1d2fa3eb1227ef322a47f7565387ab7caf1fea27c6dec7649f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4379b67d2117e8aa65490c42f7d55cf3 |
| SHA1 | b5a6020078d3649d41a0f5c756c95d7419391525 |
| SHA256 | d4bd7a2e4cad2b6be82d872c3eec44dd63cf6e17357136b83b71e76ffac5eb28 |
| SHA512 | 9ac6344cce09b46ef8200de6085e50bdd9bd27080b675bb7d31c544de5e5536cc614315a7745d79ccd2572f89f73a9c87f01d9f95d95793eafae029ca7b08ac0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4992b1a5b50fdbca7c3890a185e8018a |
| SHA1 | c09a681a91cc708accbdc103077428cdfd81fe67 |
| SHA256 | 1ee392bcd832af8960b1459fa99a9e30fbe2e50fef68d8f06c65062ec6caef22 |
| SHA512 | aef1503569fd2cef69b2f48a8a9abb534dc8b2e557ef2385067f6f5eb99e4550ad373524476f072d921a51c5a02358809e5fddf7a3f7f14af7b6d9cd9a275691 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5f6c70a7de2243732c1d67a14b910501 |
| SHA1 | 0f86f30c27708c712fb3a22f0ddde0d5f89ddb75 |
| SHA256 | c2849fc8610f1d9ba73f9b45a2b064d3ee0529e7ef89aba885a61ea24da21e6d |
| SHA512 | f2b82122cab1c4682d4f55a6ad4dd480691e284356c5542f19884461e1b6f19c5ea5219ed72cff0c4c30b488c4eb86b1e8e599364627a9ae2be3eb56a55b9d13 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9baf46d5bf0e2bdffbcc78c1bea59c91 |
| SHA1 | 7a97e109c89f401d9bcb9d83b665feb341a438b0 |
| SHA256 | e2a522e901b4f2d349a8be4c6652612e47554868937cf2a2c3b0ee25e7c11ffe |
| SHA512 | 7a3f5a2d6915fe62534e938e7601322559bca085b8a974bcd5e485600a6ec01f27aaef8c4911e4db665ae60625510f57a9f8a15e03ec263d3da4ec16c95381bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 476b61a2306322ad769ae7bcb9523ff7 |
| SHA1 | 8bcc9ce76ec4b8cc4ce36a2b4859b78a0de23ce4 |
| SHA256 | ea08a03c2d78b39613974c55f7708fb447061f7081779f1608fe6e2b988896c7 |
| SHA512 | 6eabedcdaf1fd542deea36952d87254b0c4aa2147562cbd3cf05e88652ddbca2c22711a34c60cc6f3c0ba284a03fda9813068484c452feae828ed43176c13151 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3612f2b8f273336f845a185253feb231 |
| SHA1 | dde1bcb5febe6ba860de6ba6d53ca95e7a765a23 |
| SHA256 | 4d031764bb8cd7d554cb4abb4a204b85b6360022a0e01e48aa5a1d1fa189f670 |
| SHA512 | 27dbf2176cd81fe4e15a91cc9f969a649e604ef3ed73228973fc28f71f5925c4fa67d01e4928e1df974bf988e930c08dcb0902750ec6e7d17f60446e85e1aa3d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 03:42
Reported
2024-06-14 03:45
Platform
win10v2004-20240226-en
Max time kernel
137s
Max time network
146s
Command Line
Signatures
Mark of the Web detected: This indicates that the page was originally saved or cloned.
| Description | Indicator | Process | Target |
| N/A | https://hi98.cc/gg.html | N/A | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a7e435c299d9a9c89bb2d2a4817a5157_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3456 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4980 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4568 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5320 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5872 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 2.20.12.101:443 | bzib.nelreports.net | tcp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.logozj.com | udp |
| US | 8.8.8.8:53 | www.logozj.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | 215.169.36.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.12.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.69.104.23.in-addr.arpa | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | float2006.tq.cn | udp |
| US | 8.8.8.8:53 | float2006.tq.cn | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| CN | 123.57.205.101:80 | float2006.tq.cn | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 8.8.8.8:53 | hm.baidu.com | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| CN | 14.215.183.79:80 | hm.baidu.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 23.104.69.43:80 | www.logozj.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| GB | 96.16.110.114:80 | N/A | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.65.92:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| CN | 183.240.98.228:80 | hm.baidu.com | tcp |
| US | 13.107.253.64:443 | N/A | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.12.20.2.in-addr.arpa | udp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| CN | 111.45.11.83:80 | hm.baidu.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 111.45.3.198:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| CN | 14.215.182.140:80 | hm.baidu.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |