Analysis Overview
SHA256
9e6666327c7f1ede8abf19cd6d6b001d0191dfb89ddb10384a44c356374fdcee
Threat Level: No (potentially) malicious behavior was detected
The file 7560a59168aa800bea876d951b33ea08_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-26 11:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-26 11:47
Reported
2024-05-26 11:49
Platform
win7-20240508-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7074ec8662afda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b000000000200000000001066000000010000200000007230ebcbec9cd0cd547b6976e51b212a9fe90d2d53b3acfd66407e54de15cdaf000000000e8000000002000020000000474080f1bf4bb5395e35e597940db2bc7c3892aa3c56d493437b838fe40a644b20000000e8bf2b6d59562bee6892d5b5766160fc2ee5b14580a991d3fddc36f43ece7aa1400000009b00a0e5c1e85190a752c670b65159470ca3c32c8b759fadf514a991773bf94d48331f821174222bdffd53be01a3db54126149d1085da1a90a39738f4ef6a4a6 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B15664F1-1B55-11EF-A4F7-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422885901" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2132 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2132 wrote to memory of 2080 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7560a59168aa800bea876d951b33ea08_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| CZ | 65.9.97.84:80 | farm6.staticflickr.com | tcp |
| CZ | 65.9.97.84:80 | farm6.staticflickr.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| FR | 142.250.179.73:443 | resources.blogblog.com | tcp |
| CZ | 65.9.97.84:443 | farm6.staticflickr.com | tcp |
| US | 8.8.8.8:53 | api.obfuscatorjavascript.com | udp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | astudents.ru | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | be3f0a04d543b64dfc8f405ea4a5505b |
| SHA1 | 897b54fc3338a7d42f3bf579095f061da3eccb56 |
| SHA256 | 90bd14730c49d9de6f5d78f7d2f744b0645a1f018e44877b83c6bab81d4531a4 |
| SHA512 | a0d8c9a7e0914cbebc67773a7acee36090c9fb0cfcadfea8c1cb606ae060d227d5cecea379b483fe8de91f3a2e6c5cdf4141f5be6979444e974ff1e3a24682b7 |
C:\Users\Admin\AppData\Local\Temp\Cab27FC.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar287C.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08cdfdebe1af2cc454b80461683bd729 |
| SHA1 | 8261f579a77baf9f4bae13abf44e2f6b1c8a6021 |
| SHA256 | b7a189966dcd863d5a5bea27930c0c7fb2bd3fc6efa74534950f540b35a385ad |
| SHA512 | 893bf3d3e0b66241840384884e6aa02bc17c962fc2dea355d7ef991b513dbbaf181de51d5be83f618c85ea89e27f6bf5f6796e1c15bee305436aa1ad4d6c3a6e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\platform_gapi.iframes.style.common[1].js
| MD5 | 7ef4bc18139bcdbdd14c5b58b0955a67 |
| SHA1 | afe44fd9a877f81a3c36f571c0fc934324c6cbd7 |
| SHA256 | 192bc707852c5986f930528442d88a79e5bcf4513aacc2b722a3c5e964501838 |
| SHA512 | 6c2920e80e4d5059588a32f75bc2b5dcc19f8d68224c0935d74f9fbf49476ca5b1ce43c279768f3d36871dfcec39f36db3fcad559c2f93cc540154cdbb04dec2 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\cb=gapi[1].js
| MD5 | 4d1bd282f5a3799d4e2880cf69af9269 |
| SHA1 | 2ede61be138a7beaa7d6214aa278479dce258adb |
| SHA256 | 5e075152b65966c0c6fcd3ee7d9f62550981a7bb4ed47611f4286c16e0d79693 |
| SHA512 | 615556b06959aae4229b228cd023f15526256311b5e06dc3c1b122dcbe1ff2f01863e09f5b86f600bcee885f180b5148e7813fde76d877b3e4a114a73169c349 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 61e2d0f576ac67aeae13e6b48a05e427 |
| SHA1 | 68fb885207070ec3e05139b0c046c8db163362ba |
| SHA256 | c596a916a0657818856c5cb0df75b44454c47ead8c9ade2a7149af624507e0a4 |
| SHA512 | 117e7deb029a72d257e71fbbe30d0475ee63939d268b79813d574343739fff87d5d9063814e43e58aa5ed910d494365a32115e9a281ddf9ea9e71132633b24ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | caed602e789d124a8d4db2c0cae67085 |
| SHA1 | e41fd6c7815484be34d5dd8ddb04d8a0f9c14e87 |
| SHA256 | d2999c19c7b1582729d01d13269ca4e3a3e93231194b7a3209e1e7e668e71d4f |
| SHA512 | 030d2e58c9d7c4a4d30044cfc2ea2cd930160f98d65c166da0d9008b30660e172ea1457600893a89cd36f8ab95aa73c334fb7da988a09a9ae6c1cf4ea5945819 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d3e496a0d688e5939dd86b9eaeccc8b |
| SHA1 | e4dbd23ac0b44836be986e058ca34247b5133174 |
| SHA256 | d8cab50ba9af308bab109d2768a5b0284f6eeaa4c7567e05d5a769325c6b3fe6 |
| SHA512 | 119870572f52a05f331214da57f2e03389fcdc19db973199a550b0877c933a95026925ad9c533d3024cb34b93a4901a1fef41b17822e00cf9a48b27f9fddea42 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2f27941a137137fe2cd023ddeb4fefa5 |
| SHA1 | 9f2f98eabac0b58f6a0e1b839ceee498e23d7994 |
| SHA256 | 9e00996f7bc341d5700f992ef3daa9052645d7638743f650e8e00c9be3bc780f |
| SHA512 | 8940e6f95b652267faf9fc65b263363a158efb8ab682d8047045884816101873d00ab3ec36021a51677c89a806cb09c97ea1a0ac15b36860839aac40804509d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb96d6737ef70a0ac0c623a5a4c607f0 |
| SHA1 | 9a3f5fc2c04c8da38547ca63991767b061f61fe5 |
| SHA256 | 31bf63c0abdce144818ef9b9719d90f3c056a78448bafb5be933680c3fe55494 |
| SHA512 | 2987dd073f3b0f2b9d7c654ef0528b4a69d21aaec317fcea98be94702844f351c48c21aa7c3bd103e6b3c360a7d504d35e87653cc6bd9fa1829ef3b4d7b35ea5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 549b78af0c23203eaa2ec7cf0a70866a |
| SHA1 | 4c1a804d9a28c1fee82cc4e5438fbe741543c57f |
| SHA256 | 34858a6ba7d36d436a7125c0a1d48775203961ae991a9947dccecbe2116e5c90 |
| SHA512 | a9683394e2201458a273d8772cf8e3939681930409ee762fcb0bb9e8ca4fd1d56ed01a18d11b118174121cf67db644dd5e3512dec780bd1bd22067c69885f4b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92b2415ab389a0aa214f707dfbb958d7 |
| SHA1 | 9a401c5dc98605a01ddbea6154c1bd59cbe36bee |
| SHA256 | 373127a06208dc48a630129787f31d779754954bc8e63c6a45668b53b61878e3 |
| SHA512 | 8c91b7372ad4835d4d7884989bc248646d2981cee2fb17c32d2c76885ed0e8eaeb5ca4a72fda24677930484b317174835498bf8e751dfeaad7420197a1c6d98d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 53fdbe087e43c3a98dfade956723114b |
| SHA1 | 9a847f42b821e127b5aa4069c905d01f4f1b418c |
| SHA256 | 34df6ae644c54260006c3cee514249d8c6c010adb012cdc6c8ca9c8d1d715d72 |
| SHA512 | 21f87f8a1f422cfa3595f0cbe2013f5f006e0531498809349842a6cfda7c7a0eaa942aef0b4da3434f64792ab2bcde2986fb5ad761e1ee26c55f811b7c537c9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 24667d8e2a2ac1ccaa20884927637744 |
| SHA1 | e42f13e76ca150929e55e0d5b961ae9fc59b7c2f |
| SHA256 | a77c8d10275098e986a2dce755ebfc5ff4954705aa7eb233b99eb827bb1eea15 |
| SHA512 | fdc9fdfcfeaa310e901573be3ceab149a9aa78fdaa07ff40f4dfd7b073fafda7f51dd4bfd1daad590e6509ef781dd4eedd0dbe339e338f66498da9359ade396e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a26926bf09487595d850a32c953ac28c |
| SHA1 | 38a268c380f8a15b5eb588d9eedd5cb4d6cf8be0 |
| SHA256 | 78bf8d715ba447f101ef82fa5e34d7079668f64fa5b94eaff29d4396c8957202 |
| SHA512 | a1cf2312b57b0e631ce7a4062325bed3b82e3ec76e89526425514170cc93c129beff3df6a3f32fa63cef29648d3e4b53e29eadb99f0b35c86be0a83d0c2495b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e2c8f8ca9ff64862df0af070773f1cf |
| SHA1 | 2bf1149e797bce87da2bc519e273ae596bef5d49 |
| SHA256 | 00b74fd5d73b7e9c13660f09b5f5a60f073b535b13d9f6019c386bce59fc7b71 |
| SHA512 | 3194e52b9e8d19a88909a055ba5d50840a74e15ac78f1cc644c9f4cca07d98089d0cd08a30e92d452b7cb5a5746654344074d4586fa5ecc24205be49736223b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a4b9e5639b5b454e8400a7784eade3c2 |
| SHA1 | 3603a56f724a3e5a983079c4e112a1fed09855a5 |
| SHA256 | d0ebc5819c8e417f67ddca064691492d5906a9c0a484bfced271e4ea9ea21075 |
| SHA512 | 4e7c582aa707b60536ba2c5e93371e3e40e11bfa8464f5bcbfce4d027aaefe9de5872809aa32372b64b12c31edc45d9bfb160ed7a00b38d9a914dcad985af071 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89852e0a467d0c049e66a4fe67b35cbf |
| SHA1 | 6f2bfcc32070c70d5ac1b59b9036fc0eea396d68 |
| SHA256 | 011a8267868c0695a308c59da1f79709b896e963e4c85a78ab561d37b854b60f |
| SHA512 | 70d9364d7e398fa3e4c70203a9f44b89533d196200e787ba757304ebc394214fa304b53073b13bd018ba4857af8da990a38b93f8c12e39c2648f30f55951a5da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 453a612531183189db237e068e6d5d00 |
| SHA1 | 8d304274c7163b2f7494d105eec2c8d4a3734cc3 |
| SHA256 | 076a31a50b98cfddb40f3d623228217aeca65730969276884f200afc63c261ee |
| SHA512 | 084294f34cc638ec4093421bd5969ffdf1239a8d2c224f15bca01ccc3a3ef066456a01b84dcd5194d09106c88cdb023d15bfe69183e72d1e81d5b98dabfa064b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b915a917e5f37e529f54c4dfe81d6d2b |
| SHA1 | c28a544fc116ddb4e9009d9354e1b5dc3e311ea4 |
| SHA256 | f690f5a2912a1d543a7b6009efef4934fcea1a741ff8d23db7a0fe8631ad7ce0 |
| SHA512 | 199d5dfd33e4ac3e0cd9dd56584d51dbb15ac5e5b7771865dbc35206e9bae7b7bbec782d99ff168e6b8f6a7832376ba2a2aaaa99fc1cec38ca854ca9206adb56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f07d14db3c7c448a9ad3e24a41f683d8 |
| SHA1 | bed42a63f17c5aded241307da98e6cd4ca8c3ed8 |
| SHA256 | 91b14f7aed8f4d974d56c5e3131eee631f94c27af0f85f4f2d46b86007a2c159 |
| SHA512 | fe763c5063f2d8f1d101b47ab25a7ad7e0c34f35dd612272b10dfdcde1dabc4f459a4b024b569619e52d2db661b35edbf17a19b3e2ef035ea476e37ddff44dbb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 94dcba17cfb01999595a9e7626ebac66 |
| SHA1 | 8db954559f64f2a68b64895c5e197d2dac06d94e |
| SHA256 | b9391adbfe5dc6ef16f9e5c7822fa0ed827f1ad07f11843d9cf979c2f78daf1a |
| SHA512 | 057e30189fcf727dee214bd2b108e5c482fb4e7bfa8098af79f1fd6a02b73b469e76ebd5e91074425f8d9deebd4817ed32900686ea87684f98e6f4bc0dae365a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 837f96fe47be186e3f17cca4bf091ba3 |
| SHA1 | 32c5fce8835f3a0328f2a610f1e20b8a2f244520 |
| SHA256 | cbd7051d4d858a37812e58cc1ce1133c02a66ced56422a31cad4c59c7ece399a |
| SHA512 | ef46dc2da3f6dcde4c45ac4bd8a34410aa5795953385d6e92883d28f3fda96cde9a26c97d997b579164a9afdda093bff0fd7d24278a54dac6dd7b96d1856a6b2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d4b2cca9195c201a43b3187c4bfe0c09 |
| SHA1 | 7515ac611bdf0fc9947c596b5f1e1fdc29fdde45 |
| SHA256 | c3925f3acbf8be2354842ba4a5b87437efff387b5c39d4d55ce607608d0b3405 |
| SHA512 | 8df34ae5b68c37d16f3aac297fe20988dd229bac8655082f771ed2383ce46d229f0a61cff4a37b4fcd689a24ee8c83aeb93311ac6d73f795a1ab7519d3661c26 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-26 11:47
Reported
2024-05-27 12:14
Platform
win10v2004-20240426-en
Max time kernel
48s
Max time network
54s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7560a59168aa800bea876d951b33ea08_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6ed746f8,0x7ffe6ed74708,0x7ffe6ed74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13917160428459048386,2852423639570089811,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.187.202:80 | ajax.googleapis.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| US | 8.8.8.8:53 | api.obfuscatorjavascript.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | farm6.staticflickr.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 72.52.178.23:80 | api.obfuscatorjavascript.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| CZ | 65.9.97.84:80 | farm6.staticflickr.com | tcp |
| GB | 172.217.169.66:445 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.97.9.65.in-addr.arpa | udp |
| CZ | 65.9.97.84:443 | farm6.staticflickr.com | tcp |
| US | 8.8.8.8:53 | ww12.obfuscatorjavascript.com | udp |
| US | 76.223.26.96:80 | ww12.obfuscatorjavascript.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| GB | 142.250.178.9:443 | resources.blogblog.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 23.178.52.72.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.26.223.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.206.125.74.in-addr.arpa | udp |
| GB | 172.217.169.2:139 | pagead2.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| GB | 142.250.178.9:445 | www.blogger.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ebdfae9f23f7bf0f6a23330accce03d6 |
| SHA1 | c0a176a4d78d087a81f285bcd0346296bfa03fc2 |
| SHA256 | a6da700f3b0d60aa4597eb981f19938ee02f3d7155e8e6530196e90b4d426a58 |
| SHA512 | a188aa5e95480d949a192a5ba51e01f5a5e4af94fdf0ecdac7c6b0baecf382fd4dded1a5799ebc371b6652af4d2cb2e11344568db24d89653b9804ca083807c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5fb80ae3666e0ca0c9e13b8db99449f9 |
| SHA1 | e6a3355d69d83b344fc5b1aa12d22e18760631fd |
| SHA256 | 4f2ad29c65e440fd29fa0203ea8e2df8d5ddb9722e5c5dbb47c7e99c5162913f |
| SHA512 | abb7cca7ce4725a9fdb8dddbb35d271c89e868916464fa85e79ee74d687001ec43a7b4989c48461a1a6e53c7c0479d4be189327196222c440d940062401f9766 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e2c521d9debfb12f5e1a65d044b5615 |
| SHA1 | 4fe214b9cb20b4e0ea6d073a32768dbbcc638c0b |
| SHA256 | 927b46f9f6e2cd4e90a0968b368098cde52c48e344f895c5598d2b8ad070f82b |
| SHA512 | 9b07598f8e95a3bd8905ec312572512daca0839039682ed001f637f8b57e3c8fd3484f73f16b97976d913a07b5eaf7ab60d1eedab12804a69c3bf526eae6eb6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f6e89212df5525ff745f5fca7054cf30 |
| SHA1 | b96cb8a69e7b928dfc2ec660166052a1987ead98 |
| SHA256 | 725163ae34a4ea8acce533070cf52d81c63c8b0242f19ac2c03f849648094e82 |
| SHA512 | d502c1248124de68a7baf129ff376650a44165f640af17db1e2bfba85af4eaa0445972e1fb9268b785e7151c4dca052f6f28812eee6e537fa3d510b1cdabfab9 |