Analysis Overview
SHA256
5d35a83de9f9893dd81c00b44530730cd7c978b6dbb74c22ffe3e3b08b79b223
Threat Level: No (potentially) malicious behavior was detected
Verdict for 704f0fd06b6ef19ef84928be045b4f50_JaffaCakes118: no (potentially) malicious behavior was detected in the static pass or in either behavioral run.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-25 00:38
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-25 00:38
Reported
2024-05-25 00:40
Platform
win7-20240508-en
Max time kernel
140s
Max time network
120s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e93610000000002000000000010660000000100002000000084a6467b6e596c4955528ffe4d91bf736ed2219bc053d0a734ed8c7e1651907d000000000e8000000002000020000000ea649f1edb7c36211a44cf079e3ee123f0432b197f441124876a0c68f7b01d4e9000000004cef8d3dfa3e6b743b6ccd554524002d417a89a368e946227a0fdc6c8834d75eb7dd72a2952d6e57a6bad31a8477d18e440d3ef1dbde63b20eef92965cc17ed30825aac2450dc9f54657d65d372e83cdee0aca1548fb18d9c2ce960339c74400152091d5da13180673b418739c1bc6a9055b14b83c9af1706cf40b9cbe2d67fa85bfc58cbb9140abd38b87fd31dabdf40000000a62e492be0de18ad424ace220a9c3ddf3a60fe79e1e999454532854486a4fde02799cde98d4199d4c169bbbf31d7afbd6a89aba8dcecbcdf83229855659d146a | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422759369" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c09a1a2d3caeda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1701AE91-1A2F-11EF-A538-5630532AF2EE} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000008a483be834c5544daa0760703229b04c19840d609d7a0ca429cf2ccbec682806000000000e80000000020000200000002d441a2da7023e496c7c867c4b3c327b5b0484d7e4fdaf3e98541c22ac42de8d20000000da174398a4f8416464910e14399f0242bdd6cd4caf7a14dec9a41627d4657a7340000000d1e822c8fce21d5e42a21591caf01beb126a2ee205d1b0e65c98d896ffed18b107d5529712806a47437ae8f2a135e594a8c587c381c3225416ab333ba03cde68 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2164 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2164 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2164 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2164 wrote to memory of 3060 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Note: the writer, PID 2164, is the iexplore.exe frame process, and the target is the 32-bit IEXPLORE.EXE whose command line (see Processes) carries SCODEF:2164, i.e. it names 2164 as its frame process. Internet Explorer's frame process writes into each tab process it launches, so these four entries record the browser's own frame/tab split rather than a write into an unrelated process.
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704f0fd06b6ef19ef84928be045b4f50_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wwyt6.56109.co | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabCFE.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\TarD5E.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 23f2a436c016ef573af5ad5e136944f4 |
| SHA1 | 617429a1cfa9b6a2102e090eb735ff3c25071490 |
| SHA256 | 604199638a0d74d9ec9f0ca769186d3e9ba1516834d32a39b701a4e348bb0d40 |
| SHA512 | e3fae0269d3e813275ee95b960352730176eb367faddb4797a08bfc7954a6e613e97844093037d48d1ab78779fe4631cc30f2c0d48dd69aef430ef552d9c60ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9567b86057cdbdb8e4893ad692ccd5f8 |
| SHA1 | 9692b6e7c0ebc809f016cbad52cd448e69e2527d |
| SHA256 | f825f33e8ef1dd37cc0b1ee7c35ad27789e920ab619bb395c75be5d4dbfbb520 |
| SHA512 | e75594e50d07d604b027026acb8a2398c91990cb7e9821763429bd37ca6182863c272dcf13417880d2093feec23de1b75538078ef2b2cfda23be7ecb88db2103 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c8380b372cc2fc08a7f2cc8ae282487e |
| SHA1 | 7d801233c2ff0d8388a287d92264d91d10fe9629 |
| SHA256 | 414a369791ecd44bb056f4af63ff11845d48176f1ac88b9b52dc0f895a35764f |
| SHA512 | 5232083b43b25efc3fe47793a4ddfc92310ba293b48c7eb1ed170b2ff06841e8b039de5255971f255a94e18803c24d534d3ee857285cd0d9de2635c2bfd670c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9eb715a3fc606dc60efca2eb01be1d70 |
| SHA1 | a960b5acd569f3d414867da1dc10c8be5c770030 |
| SHA256 | b4fc913b8c4a1ee200b53e736a9f1cf83f1e52d76e22b2320b91badc2b3244d3 |
| SHA512 | d92c43fc65a10252095930cb840e665a05c19d54225c17d0e06621469b70eb572898bfdd0eb8476625082b1cd4954b0486c8e9da1a68a28e8299d4d2923c3f5f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53638820b545c85a71e623965e34bba7 |
| SHA1 | a27648978774669c9eb4208bda1084c53408e1eb |
| SHA256 | 86994946a8da060821e3fd2828145bf7364119dde38e620fc3f1ecb4488f01a3 |
| SHA512 | 0e929bfef7864d8fd1a5cd268b4a80729bc050375b9ac50d935ad8e637c3114f0de5cb01801ab3b308f856e1d79ddf3780bc05ec2486000565e81ebdc4e51f6e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9f1e7a3ebcd81d5a8bc7758b509e4270 |
| SHA1 | 935e656d0a1a38836636f213c25ab517a2906086 |
| SHA256 | 1bfbe2ab7e00f31b18042fa3021bb3dfd4ba92a3b25c1f9da3a2854be9993fb5 |
| SHA512 | 0b616e1000111144a9d4b12f17e5726a938682a8a9d7a2152cc7d9e95d2f3c4fde4e8b46443f19345f403c6262efe70553a89aa3513b02d386976e125ad70721 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ea3140cf6afdc51a3be050540de2df3 |
| SHA1 | 62f423e5de489f9497c3313c98e1943152c08e16 |
| SHA256 | bc2e1063d501179568ce1da5725b78e78bd959ea3d849e074d1c83d515632d69 |
| SHA512 | 07d18bb0c75aab1afe61879b17301ea9bb4e408d7814b8a154ce0d72026a043672f03fd4fd60c1503cf2eaeb31fc4e1e0117e03f410efc657ec0c9d22d9d0bc7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 130e4c0edfd229304ac4b799fb1c890f |
| SHA1 | 615bf7809087abc74a072bb30c37e2a83cde5805 |
| SHA256 | b088d36e3d8626b91e5754fed23faa89323152d07931fa4f9f9e7f3018860557 |
| SHA512 | 6d855233457977f3144c90a71239dae727059b769b82a5d71a3d48a6a8789ec613c53ae3e96fbad205868750cac7811473325648c0e2cdabb264b1fe26518921 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b192c0d74185b8e6769ca9f23375aa8 |
| SHA1 | 112071ad512a89bdb2d54436660392454d0b15c4 |
| SHA256 | fdd7da971358d12e38a795b77c7e650367c61149716cc810f5bc8cfb713496ae |
| SHA512 | 5fbf92cbdcaa75ec7ca9b019d638e9d2149f9909a26e3d636c79200eeee16d292c86ef124710213a3d3fa7088d953004f7b2f12cc0e121ea7eb7231ebadd54d7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bec68cf25aad681d636a4706c9661b1a |
| SHA1 | afbacc04a48a0e34ff0a62cb8e757bf368fc4c79 |
| SHA256 | 3e4840ac4670f2a1cef5392080511d0108152aacb4bdc0ba858cfb02ffb5db15 |
| SHA512 | a9e887bc623a631c9a20044ebf6af1392811f8ce123b8b5d5ea8a69571ef5c53344a15290df560bf9ca28417f7a5fc4778b8aaa77b8177337ae74e806b86955d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52917dd8036fd219858f040c11129b2b |
| SHA1 | ec2009287a00cd1dacc984a0ddc24fd2be8a785e |
| SHA256 | dd01a26d2a9f665df56db9043da7eecd868658fc604c648d7642c5d05739f512 |
| SHA512 | 1e756da635c1ebcc98d2d9b22ca24e643c8091b5988dcdc1bae6ec3a9ddceb3e2fbae403a753258f0dc13d527e3cc29f98bf55ca8078535e63bda1c1f83ab4fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b531ed2578a161fb121a852cc9e1d8cf |
| SHA1 | f8323ac56a33970a45c50614568849ab8ac927d7 |
| SHA256 | 0f9160effc06220e5a688d850f3aa21c67dbe0f71cd7536f29479d29e046ecbc |
| SHA512 | cea29c851b4e9e993f6fdcd69dbe43e6e910a49c9152e83e636eac4b4b0e51ee4867768bf3d42c8f862f18ad872ce101940f9c97440c9afcf8e98aeabd84a592 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bccba41d9468c148f25427e2a971867e |
| SHA1 | fb722f8ba43ec8113f53cc89e57d30768928eeaf |
| SHA256 | 2144e5d489e13762a5989f834bd4e86fe2896071fb53e1e5442156ae16c26343 |
| SHA512 | 812aab59cbddcea84d0622ef9e25d486bb0489fe6a8afadb62e6264a66cbc0342690db37000c4c96e2f36c305befa6e72a79c4a0a3562581ffd5732f66b880dd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fcbde77199c20a019726a365a78ca6b |
| SHA1 | b33fb26ca8ee8c3d1e9d93f285f3bfb982fc1e8e |
| SHA256 | 7bbd82d2b4e5c8f9f2400cee3d308db3fa9950f78348598e54e2ab9a35710d31 |
| SHA512 | 513ca75cd6118d3ed7772576fc5e4ddd219748dd337539850356b40ef3e2b55ed93004da9da07f303517e088ed9ff9820386340f5e769453eb46c2e008720e3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2432343adad8c748c81d3fa5d25e3d91 |
| SHA1 | b286689653c168989544088a226f45c83ea2709f |
| SHA256 | fc079e117ccfb4820f9c2f227e95a1065dd4abf1f6c92dac3306f26b9175fc73 |
| SHA512 | e5a63d33ddedfafbebed3c6bb0fd27ebba51322ef81a210b65f1c3c08f40204de6fb6f391ab7c351086ef947e0aeae120afe3a7ffefddb63329d085fbd45489a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34f6caf87ac2ee23e3362d987c64b4b9 |
| SHA1 | 7a86045ff5e13c149e9813fa286e9752714bf809 |
| SHA256 | a25842d56a55a53d043f3a4c662567e4e1759b9cad16ddb0c1fa757cddb213bb |
| SHA512 | 5b26dc8111ce23eddcf03837b49d1cf0bb329723bc643025b7b95bec716eacfccfe0c8d5d3ba21ad7917777793bb41197f30a5f3b31ab3437ba786e24aa53d77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e900a38c9cf1b98c323035b1cdd99584 |
| SHA1 | 975bfb4dbcb7b59d10596bdbe97c6ae11382783c |
| SHA256 | 7ee986a7f21deb186f0683f618f8290f41f4138478c3b84ae8945f5dd91fcbe0 |
| SHA512 | d7e8995e57d35f523d6bb4e0294715a950eaf1bc710a0efe8d3fa0f0d3b876e26e66be8b8b100e27d12c0dc891377888c38ce636fc93df62508efa9f613d0f8e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32174b3f28ed3ce20f7f83a29ae9cae5 |
| SHA1 | e7cdbb7abbad16b2a64c4d43a5245582a2241cbc |
| SHA256 | f3efbd48dd092f48b92be9d8eaf2fd4fb728d0b04bfedcc277fd81b5724c9549 |
| SHA512 | e5a4e7ded6a1a324354d274094ee2c828180db06bda823c878c6112346c0d067d6a2a47c871ae5c92a0d6a4faa0ba71422889d87c412c72cfe87c2046fc2d115 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-25 00:38
Reported
2024-05-25 00:40
Platform
win10v2004-20240508-en
Max time kernel
148s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Note: this signature fires when a process creates a child with the "block non-Microsoft binaries" (code integrity guard) mitigation policy set. Chromium-based Edge applies that policy to its own sandboxed child processes, so the two hits come from msedge.exe hardening itself, not from anything the HTML file did.
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704f0fd06b6ef19ef84928be045b4f50_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,16024178481456036426,1306992766988140709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wwyt6.56109.co | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 139.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
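To turn the two Network tables above into a shortlist, here is an added Python triage script; it is not part of the sandbox report or the sandbox vendor's tooling. It parses rows in the report's own table layout, tolerates the mDNS row whose empty Domain cell shifts Proto one column left, and separates names that were only queried over DNS from hosts that were actually contacted. Applied to this report it leaves wwyt6.56109.co as the only forward name with a DNS query and no connection (the report does not say whether the name resolved, so that is the first thing to check by hand), while bdimg.share.baidu.com and ieonline.microsoft.com were contacted over TCP. The embedded rows are an excerpt copied from the tables above, not live capture.

```python
"""Triage the Network tables of a sandbox report (added example, not report tooling).

Rows are grouped by domain; a name that only appears in DNS rows (udp to a
resolver on port 53) was looked up but never contacted, which is the first
thing to check by hand. Reverse lookups (*.in-addr.arpa) are the browser/OS
resolving peer addresses and are excluded from that list.
"""
from collections import defaultdict

# Excerpt of the behavioral1/behavioral2 Network tables above, copied from
# the report rather than captured live. The last row reproduces the report's
# mDNS row, whose empty Domain cell shifts Proto one column to the left.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wwyt6.56109.co | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
"""


def parse_rows(text):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Country":          # header row
            continue
        # Tolerate a missing Domain cell (proto lands in column 3, column 4 empty).
        if len(cells) == 4 and cells[2] in ("tcp", "udp") and cells[3] == "":
            cells = [cells[0], cells[1], "", cells[2]]
        if len(cells) != 4:
            raise ValueError(f"unexpected row layout: {line}")
        country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto})
    return rows


def is_dns_query(row):
    return row["proto"] == "udp" and row["port"] == 53


def is_reverse_lookup(name):
    return name.endswith(".in-addr.arpa") or name.endswith(".ip6.arpa")


def summarize(rows):
    """Map each domain (or bare IP when no name is given) to its DNS query
    count and the (ip, port, proto, country) connections attributed to it."""
    summary = defaultdict(lambda: {"dns_queries": 0, "connections": []})
    for r in rows:
        key = r["domain"] or r["ip"]
        if is_dns_query(r):
            summary[key]["dns_queries"] += 1
        else:
            summary[key]["connections"].append(
                (r["ip"], r["port"], r["proto"], r["country"]))
    return dict(summary)


def dns_only_domains(summary):
    """Forward names that were queried but never contacted."""
    return sorted(name for name, s in summary.items()
                  if s["dns_queries"] and not s["connections"]
                  and not is_reverse_lookup(name))


def contacted_hosts(summary):
    """Distinct (ip, port) endpoints per name that was actually connected to."""
    return {name: sorted({(ip, port) for ip, port, _, _ in s["connections"]})
            for name, s in summary.items() if s["connections"]}


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_ROWS))
    print("queried but never contacted:", dns_only_domains(summary))
    for name, endpoints in contacted_hosts(summary).items():
        print(f"{name}: {endpoints}")
```

Paste the full Network table of a run into SAMPLE_ROWS (or read it from a file) to get the same split for the whole report; bare-IP traffic such as the 224.0.0.251:5353 mDNS row is keyed by address so it is not lost.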
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_2644_IMKVSKVHRFOQESFW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
Note: these are the well-known digests of empty input; the sandbox hashed Edge's crashpad named pipe with no content, not a dropped file.
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb5ec72628cfea0fd29cda7285d42c9f |
| SHA1 | 88d9f90c54dcd5f9952c822eaeb19595d4817af4 |
| SHA256 | ccd9060ac37029cdd6bd2ce5fc3b4e341cb1dd8627009b840a551119ab9e2277 |
| SHA512 | 444df5d53dc88ec6b6188a9529c9bb26b4b5738efeec842f50ed47dfe469434138b5138da58c8d9aa7a983b3a871b09cccde7c2a94f6461bb3f31cf7f85b065b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5bac88c8965e5294bf86e16cbaec14fb |
| SHA1 | b697f410d4bcba0d66d3d23436937655123c1329 |
| SHA256 | ff054d68acc702dc76ded12c516fb789cbc14afbdb21bc6da2b69e8c9de32a1c |
| SHA512 | bb7c2937ec8f465879f090e4eda30d567a6713c1d124a2ba9563e53534106f8848e91a82ed155c0e789dda09642986ef0cad79cc830388d3fe51fe9cde4cfe5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc518321296c636b322ce14b4c2f32de |
| SHA1 | 8f25089f8e1e0d9db4bf9a623cac51ac53f4630a |
| SHA256 | 6530495fc42724902986ca481a9dc679330cf35ad443e6208e1ff36f2b3d7878 |
| SHA512 | e186d92e22cc33ee9f80ef4c6229b457e7b0c259d05834034f08f3d1a11020bdb417483a7582b56bc0d1b988e648c0e9f6ce99d341bbfb4344e50dfeceb955eb |