Analysis Overview
SHA256
ea5b7471687dc575f9037f23888436f2c73103dfd72995e36c96d273ce04be73
Threat Level: Likely benign
The file c07a93716f7385f28904c3660469400f_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 09:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:54
Platform
win7-20240708-en
Max time kernel
134s
Max time network
128s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0db5380d4f6da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ABD212E1-62C7-11EF-9AE5-CA26F3F7E98A} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000ae98c76060dbcecafccfcf42f0afa93d6c699ea1be295bcd112b9c97b72d6e7c000000000e8000000002000020000000e19cc64fab613c7cd3f8ee8c36ec0cc9fd184cf03091076de86a2d5d712c859790000000069bd5dd0a6e9d05278e1064149cc6e0bac1fb6c88ffc8c8bb42c3076e039a6564c17eeef00107d0aede60457112950f966306abc4feff5f6a97a1f450b9cd7beeca033474af2bda133bdec42f9e22753f135d94cdcd389b26efd0f4b38656976a13a7a5a15af60b16a7a9be4bb203223316d315155cfdc92829011243f616144bb68b3bce70adee2c45d9a0b7c2f08f4000000033f4d5825ab7804f3e11ac54d480947bcdbb61acdfd6d3c259c8d77cb69d7388c350ead194db4c18d8985ec29bd824418df363aa9115eb9840eb1cd6216d51a6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741387" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000baefde3cc93eab54f1797a6df1e6271dfc963ad346606442a32863aaf800cbbc000000000e8000000002000020000000ea0986beb017ab62514d1ef4e9f35b7e3e53c953559c6987f85e37a476486b9720000000693617e359cea60963bb55c31cd0646b565838ca862e3eb550d5340d55343e27400000001d15477b693faeb109dcdba9f903728e838a3d885ce025492446efffab53745fea11e97fadef5d0a099052ff8e53fc67df46144ac17c14868f4352e5bfad23f1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 808 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 808 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 808 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 808 wrote to memory of 2428 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a93716f7385f28904c3660469400f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCE0C.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarCEBA.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3a280d1ed6ef66b0d2efb4c5c89709d8 |
| SHA1 | 492cd33041e997708285faf42ffad57942aabc9d |
| SHA256 | f0f1ff1110801583316907bdca44a6cb0a65a28fcd6b0978c8e7dd72f2f2af8b |
| SHA512 | e97ecbb9f2d2c4a0e85648ef0858a75c18c1235d8f2271170a64134943d2e98a021ae40d7743c8f338d7de9f3c540f2d0291b608212999c9e3841e49657fc978 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e1acd2af3e70d8a88a1dcfffa8736806 |
| SHA1 | 46a80dacb390179689db8d359e9ec2fcf310d545 |
| SHA256 | 019eb848172aa13263808547e16332149632b446beaa89be510ddeaf4028d13a |
| SHA512 | 18d98e6aa23d34194fd42639f8f54650e1adb79b6f8787ff352004e79792beaa991048f073f3384cc66d0361f9863d28be2b514a2245a75a906b77033045d24e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fe339c156067ae09ac68c92cbc5e2176 |
| SHA1 | ed1646aa5b0b92c4778ed4218e4f5176ae6b845a |
| SHA256 | 2e9f51b9eb39f829ace9f28df045a46436d1d59388df89049b1ef09ccb3557ab |
| SHA512 | 4957520a373c7ee5469306446212897f1544ff2866176767976fe28de129925a67a3f9caa1dd02983811d9cde278e8f2c2d9e9334cc288b784a04af8abf2adcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 83dafc6d263379af0768f5dce4165789 |
| SHA1 | 083354b288556fb4f037fd2c555da2e213a0a7fc |
| SHA256 | b183fdc662535287a61bf476f02b2241f8faa368f5cff613052bb1af905d7924 |
| SHA512 | f51dcf4bb2be458f143298635cf3362e21dcae8c53b3ed14ac254e0639fc3c42c6649efd64e88147b3a6546ce88e78da48574ac60b199f26d67c5ed1bc198f6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cb17ea20c86aa49c28c6e10932ccbed3 |
| SHA1 | 6452f98d046971fa26eea4b87ad5bc0d943bf38a |
| SHA256 | ca0b80b83acf687797531704a0a84dabff00f4f8a98fba910907e8364f210f6e |
| SHA512 | 918dcd3281813a95944bd11533be7907160cf8d2ed6796603113f8722275a9e77c8309ba9a571221bc1bff9392056df005267c92b551bda516d2c5786e615c9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c49c3308c7b4494d9363638069f7c0f |
| SHA1 | 61066e595e5ff6801de1f9a62868f688224846bf |
| SHA256 | 752492181e2a247a251210e819a2bb4e800710662e12eff669bea22f87c2f970 |
| SHA512 | c540cd4b51828f6c2480de6d5199fda7bdef8d7e0177cc93c36673b48810012731953a4b9fd8f6032d64cbb7a74618fcb1b44e771c31dc7336b72a06cdc8e7e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2a301174e19958a8c023b55ea65c09d8 |
| SHA1 | 3596d7c274fc5013ea37e6c8f27a8ea3cfce4175 |
| SHA256 | d66dcd4d74e63d0a86210bf5cf4afeaa76ca9b3c4aac0e082a5e2c5b908e85cf |
| SHA512 | dadea1d8ca031aaf452f734caa07eb45292d48fa4d2920180db593033387f05df9ea8f81c9267bc6cb2cfbcb5679f2c462614e6630556ac96c5946e5fb9a0093 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3bf81ca89331e9bad89354804714ef9b |
| SHA1 | b983c4e7cc660850e2540f7a2a2b0f3fd1fc8c99 |
| SHA256 | c173f6c6e4e6ef8e3412939865cff56d41aa7d46391d0d972423c24be3ee91cf |
| SHA512 | c7f9556635ad0dc1a2e54e0d3214881ea2ff0e29579078ad16790e7d06be95c6fa77f4cf0e2423208a2c9a097cce7c4f3b2d568c86c2b28d87c921d6a811e037 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5cfbef22a399d5c37e2fb1166a21dad2 |
| SHA1 | 6ecf8b0e4d62033152fd6dc777c50a3ba734d6fa |
| SHA256 | 68cdd611b8d074ea3a68eb6f6dd5bd193e547672803105b5445cc59b4f9fba4b |
| SHA512 | 77f9f7f4402df9dde183a55abaf338c5c2b5b9c56c813531f16e7fde7bf766dec9b1eaef17dbc17ff9d8a1ae1dd886d7afc8f8bab056c624f3421747647e010d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6bb9396051001b9b82c4d127b0fba25 |
| SHA1 | 375ca25a8cac5fe0c8785c9eda42f5cdda55500c |
| SHA256 | 1ae3f7324966bb27c147ad0f990cd8da6aef73d0b6fbd3c170eb7f4c435aac54 |
| SHA512 | eeb1075224ab819083ce2f32f219515d9bebf027d70dc406f3eb9ec2b62a88e25132d65105edfe3fcbcfe83456003570760e15ebaf4922fc15b8a2f1daa6677e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb2248226e9c0edd1dffd2a5ac90f0f0 |
| SHA1 | d0bc98eff27704a3f81888886cc98bf65fe8087e |
| SHA256 | f35356566c5f6a66d350ccd520a5a88dc485864f190a639be157a19695a2cba7 |
| SHA512 | ddcfbf0dddd7fba9e09918108b5ff9d2ed0ff4d7d46cf978d3794ea7e327958041db3890c64811d9c8820d8e14344e634e98cf7548e59e17ed6477496218a35c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 766fa363940b4d14fdbc3f6ca94cbcf9 |
| SHA1 | bc4ba2ab720e107ebdb98326dd06f85832b29164 |
| SHA256 | c6d837468b3ab92f9ed5b1703da5330ca255be7be27400f4515938a01880afcf |
| SHA512 | 6939a71c8d4a20a6d75382d4829a79a3d93d8066eadc4f272e87e683da6c44e9e3f4043943ce6b07dfdb9622f03cfdc20e4339978be680ed4dd0b8bc105d0e1d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b745cc1b94672ed641f34f396a643fc6 |
| SHA1 | 2a599d41f53ca1676530ec031ac778c4d349d48c |
| SHA256 | 3f55e37978a8702023de0454d089aa8d1a38281905dd5363f83d3b3c5ff6644e |
| SHA512 | 713b7d2e59c26a0bce965d1861a69bc6a676771e85c89226ed602c8cd8027f12a4787a89f5fb6364feafc8ed137a6d28acfc95b1e992035939744a27b8b9fbd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c90e7ee5caf28ea540d45ffc40eb2a5 |
| SHA1 | 390ba274011b19a381eeae69138eb6682194b26f |
| SHA256 | 17eff1268621ed62f43a000374a81ef35c6c79ddc8421fdfa688fea25e01f638 |
| SHA512 | 86cb4a4a057c3707df1c0efcf578c7aeec05af9caf3f4afe22132ecb5e736095fc921b38d645e51eefdb5949fe0bcf9634f77aa243f92335db4f7157d7be23dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cc248b618f83429f09daaa6b92f97bb2 |
| SHA1 | fbb8aed4de0ba0c8690a7412e9a4c1d6d71e67bc |
| SHA256 | 41c0b513145226744cd354799c2152bb792cb0f26abad06fc8bbb952407c3ebd |
| SHA512 | 8d020da0cb7f8f05a34d0fa2112740dc5f10207f3da7fb9cbdf7b1ef96d7c65a09c1fa194874b0ee5253f07c48e2b7c2af364e5d757a000fd51247e86bc3bab4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c68b360bd341c16831e0b1f4f308e5eb |
| SHA1 | d54083f74640ba89a47c703212de9b72dc23af0f |
| SHA256 | 979dc45c38e5ce5bf68e72bb7ec785a4ad804c579e83a33721599a88258194e5 |
| SHA512 | 4d99776d5682e7496f8ca67df36d9527c17460719d45b1a999bcd2b1f932e5fb2a92687adae904b29ba3360fe89f920cd2dea9123215b3c74f91f234ef366572 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 09:51
Reported
2024-08-25 09:54
Platform
win10v2004-20240802-en
Max time kernel
138s
Max time network
141s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c07a93716f7385f28904c3660469400f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1308,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4448,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4740,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5188,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5552,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5376,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| GB | 92.123.140.42:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.140.123.92.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| GB | 92.123.142.115:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 115.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| GB | 92.123.142.74:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 74.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |