Analysis Overview
SHA256
2ba6f93312ddd35670c7588397e707c3704e7725932f48ec269d533871b76d09
Threat Level: No (potentially) malicious behavior was detected
The file 791c12262d152150e6b167304eb17614_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 12:11
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 12:11
Reported
2024-05-27 12:14
Platform
win7-20240221-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{458DBF71-1C22-11EF-93E2-EEF45767FDFF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000128b8c2ff75ec74faaf9efa3a24ee79600000000020000000000106600000001000020000000229c04b424359ae1d0bcf643b5053dcfbe312390ddf8343384c763856c67dc58000000000e8000000002000020000000647a43213725833b81a76868182d74d34c01442d8f5a12068f7fd3390c2298a02000000070278dfcc930426659f7765b7f080a506f8b3540b20f4c410187475b3a53d3b94000000083b03a394b44e5b25dd44facff855437f824b52cf936558d291661e290ca1779ca333d78c5492b0a90232976fd02eb59d0e262385223406ee7ea58d3b4f35a27 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000128b8c2ff75ec74faaf9efa3a24ee79600000000020000000000106600000001000020000000dcf709e6bdca2253bae0bba618a4465b4b1170884f340e287659ebfe6b23a1b5000000000e80000000020000200000004af44509a814ead0305d88f4d30931e3fc2c5d10aa1c698626c52ad983a67397900000002f4331919437443c5319589778882a9c6f49c54f4c767cb17acef5838b9e7591df4f733692953d1b95f27a2bfa121d824b6f7eb4df65ff7e803ecb34c2d8899f1ad9c389bc0f9865def5cb9f31e5b23a84182a4aec88db5d88b73a3c9fa1442350b6ac4a0b2a8b81dc6c4b4a60038269f6597b9017a57351f2ebebe247ba3fcfcdd315171d683ce387196a5e6355f13940000000270ff48386f9bb15e44a0ae62ea8be1ae2f35de3bccb84120d2aa78e5671ef4351f2b568635487e823aef5fc7033f9d15b15710d8a2989a2b370b1246b7fb242 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422973767" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20021d1e2fb0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2664 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2664 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2664 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2664 wrote to memory of 2440 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\791c12262d152150e6b167304eb17614_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab625D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b3c1f452e524cf6b6e3ce0b04e98421 |
| SHA1 | 2cc104eeda40ae9873e4be959610e2687109bc67 |
| SHA256 | fd56d5c60b123e2599bff704d6b67365df88941e06b2b3275d4b0c3997d2c7fe |
| SHA512 | 75a1615dc068312058abdf9a1bd4ebda473da2e5825532959d2e9721e3a59fe6167352186bd65cd19b1748ebc50049be753f374c8d3a7386ed1ffc60a40839b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar6340.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17582ec5b852ebf805f9e309c7999399 |
| SHA1 | 5fbc6e1c74529ef476663a6d7c62b2fed6bcd5d6 |
| SHA256 | 311b9aa85c91e67719d05043471a49d793ca4b887fa56a3305a6c72795acb420 |
| SHA512 | 274ef45956fc26df937dafab9bba7137cb7cbbe852a57c47b54a5488dc91365c5595f6db710e1f5ecc45ede646d34cb8337fde0547ea510169b4b7f4b3f3e8da |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 136e5e00b4f0dfef232ec277e1a400d7 |
| SHA1 | 4aea68b6d10800e72dde910f464b3216e056cedb |
| SHA256 | 1c30ee2a7036325c5dda4da03fe75c5c87f057ffec82ffb5cddafaed52e75d89 |
| SHA512 | e7277cea21db9a4928a29d3e1bca837eb2eadc2ebe8ece04a01b8af9ac9561275fe31e9a9fe5ab376c0e69576661052a51ef879d6f5225211bb3a35ec687d375 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17204db337f904ed037c1283e6da2192 |
| SHA1 | 616b87f755be578e3dd0426dfd269ba201c7f40e |
| SHA256 | 56063a7d068ef7e1192095331ebc86a5bac0d424f0d2239464366a848a5235c3 |
| SHA512 | 759d6d9bace987e5f6ddc3b9d2700b7dc729fb4b9e7516d8b26b21379eea92f0ba96b21fb3174dd6ef0449d6d863939b956d51bbc3b6a021c0ae3e5b659d535c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1db8da525522a32973d4cad842425f6 |
| SHA1 | 598906b0730baec8f01be1214f8e89c2b76b30fb |
| SHA256 | de8c948db123422d6cb6678fafdc5e14feaa2a23d32c18cec821c5e804c54ee5 |
| SHA512 | fb4901826d17a3ce3c4571b38b99f01aeda45d9248f9d14925de86c9f3b7b0b7b8f97a9002ac27728540833cc0cb4a1c6befd9a565628bc3fa2499ab67e68003 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 776e8f7ff3ba6e0de8073e78b9bf44a6 |
| SHA1 | d5c129996788cfeb90b2e37beaa0bbada724e23f |
| SHA256 | 5e98084e78b52dc97a4c6acd2f4fedb2110446a116181b8cc4406ecb7bb70b63 |
| SHA512 | 4fb1c7eec60020baf7bf660ef3c6055e07a4213e3ff51ebf79947f35b8bf4e028fb28e8691b077e2fb8a16bae829190cef62cfc05479b4bd1801be561fb86651 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3eb254b365db6e3e8b49133934f84da2 |
| SHA1 | 7853778bd35bfcc2e123b2927012cdb75799f1f5 |
| SHA256 | 12a0acf17499767a47514b374576e8bfa2096836d80e158414b000f8224fc5c4 |
| SHA512 | a4aded7c029656be589665d4d8013e6bc0828e5234335996da60d62246c1c6a274e02820667315670f66a77c772a18c2d930295898b643d26392ba7d9b80650f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 49239271564aa302f3a41eac9980ba20 |
| SHA1 | bce630b80e2b4703d8e0aa5902765454f4473387 |
| SHA256 | 77fbcf3aaae42d3edb63f800e2eaa1542b79cacebf5e712f2e6cebad5484943c |
| SHA512 | 12766fa45182d4a931bd2265515eefbbf5e9603df52ab649e122328478263d38271e0a88516297a242d1707ad4309872f025342a8bb92b7ff13da4721b578acd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 287ad9aedd433775096187e1daa5315c |
| SHA1 | 97fec01919808e634575eaf6972203d7ab84f00a |
| SHA256 | 0d80afe9af81a6992f4b52719c4cd3ea29a658ac308ccf58f5dace10237c1f94 |
| SHA512 | 88c2090cb25203a70abce0b073acf632ccb961ea985a71af79941852bb790038744c28fa9c21badc7c44d3b5607d54da6e2eea2213dc3f58d48c6f9a2d0462bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 248e520df1d7bcb125a09f9f1a1a3bc0 |
| SHA1 | dbafcb6dd4098c5019fa07d8cb9b2d68f210b0ff |
| SHA256 | 88c0a3fdfea2c9573efd66367bfa04297ccc509545d6b75b9267514cbf624413 |
| SHA512 | 9c7565186fce55beb33d79f517eb1ca9796a3255bddfa14c6af7aae14c185eca2136ffb76260d3acd00eabe322f9607b9fcdd7bade397de56d23acf4e95a3322 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9c8b2a813e4cf97c30ab5f8fe136e866 |
| SHA1 | 8486eaa6a73cf062c28bca6076956c8998e60d02 |
| SHA256 | 25fa3edb056801b1abb92d1add8bcfc2a1e4e9916b745b0d2b9953b656a3da19 |
| SHA512 | c4907b9df232de1da20055ec69184d9245a83101c04a7232525c9830944368065fec9d9e3abae0562727a91753b322821e4a80843d8bbf6f0b5de7a53a8073e9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89f2c68a017b94c7f75e2d84dda1e661 |
| SHA1 | 68cec0886b26381066353fb8f0748b4e113f2da4 |
| SHA256 | 590a42520e59d665841700ea8b308fe25d0536b6c17d2808505c15d96c7135d8 |
| SHA512 | 2410357ae663d0516c4d2ad2b3b8290419ae0b0a8aebedb6b2eebd8ba6ed0656cd9b16aec6221e0970c8dfe127bd6c906d974b8343020efc53c0b93f3eba39be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | db3035b59f82e5c8f6a25b8d6166ca33 |
| SHA1 | 8df031723b8c8243f1a7bb5ebff08762f86d3e05 |
| SHA256 | 290e16a415ee4968660df169a3898a6f2b111584ff404ab2d64462de965c16cd |
| SHA512 | 711e7765d343caef640e346ba486c746751b60ec68ee02a0f036eab3fef4055447f38e411086080ec8c9325e3940381b51e13a25d7d363fa3143f799503fe16d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e6bda3464ddfac476f3926e7c2a2fc8d |
| SHA1 | e74044a87ba85f5e425da93f6e18a805fbd5ec25 |
| SHA256 | 835d37cb0f1902c15f519a823d3f5081284574fd4fa37fcc54a13a9786796df5 |
| SHA512 | d7df3745e84bd37e37061933e606b5e0a32e46574ca32c756377b5fb852ec836a8ec356035f3eb75e46d6b329e06442671531f808004076ffb14d7e83357506d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 276788a6b8d99b053882ab32bf170bd8 |
| SHA1 | 2fe665804955dcaa4a789245d93a9533928b6948 |
| SHA256 | a4281348607abfa7bd087b1442da8538b9de0c6b1808341f30c44bd26bf6087b |
| SHA512 | 7b8855d716df245b099b7e62320fb4702958a5c7e11c2420c6a28d2e9b54407905dfd666f96978e87f32ad722e7830d42c8cc72dabb35f3b89171cafeb2c4a1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05ae29436df9fad0e18defc5b5ae29ec |
| SHA1 | b8f877b4b00fb0fbb7f80f082081fe8e6d864a46 |
| SHA256 | 8766998439b6b1a222664798c3e346e37f302c7e20202a34506a90a9dd12f561 |
| SHA512 | 0ce183946e262766d6b561cc0324b449b0baa68486c43b85858c7a68b355515ad4e8be3622911947ca6c4913ee58fa05d3c6f5ce5706be2de461f1aad9d718d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42d110a56267f5ae0e991fecb38cbb8a |
| SHA1 | 28b89f1117a8b70d6e1c71d8d8f07e794c0c76a7 |
| SHA256 | 345eb60dc098a31d94418942041f8247df5b59d3e731c27ea936283f7495da22 |
| SHA512 | 28df0adc56c9b5303a80a94f8e8f02db1026873885f8f36133164754f00e6174d5047e5c80d6b12f64de91bc1ac7f6215afcef853643193370dc0f74c9bc3369 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cfff84959d2883aa885d3ae3c97d1a00 |
| SHA1 | 3a18076b289eb08952d8ac6bef48ae0f783fc5b0 |
| SHA256 | dd99802b4a7c4efb23751be83a77113a1ce4c3d119e5bdfc5dbc514d8c7fbafc |
| SHA512 | b7fd137b3394c2f8f22df2cd5e30d023ebddeeee35b1ac23a64774a68864f37333b48a1b7229913fd4a44207f959e615bc088a6537860fbf1e967f3f493a9d30 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 22a9da2c12fde07575ceb3abca8e46b8 |
| SHA1 | 248248d16568975a47f0c9d457be8cd5b6c31ddf |
| SHA256 | a5b8d0ce9df5c1bb7e70af21b18dac4584d9ea73384b84c5364762b7405f3c65 |
| SHA512 | 1d40de69a7ec2cdb845c47cd8de77d8d3abda1ec32f30a7d69bc9787c60da48161d7a099680beef0271686e46de81f11e530abd530aaa0b86c1dc9857136842e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 12:11
Reported
2024-05-27 12:14
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
129s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\791c12262d152150e6b167304eb17614_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa682d46f8,0x7ffa682d4708,0x7ffa682d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5295567274458208910,2541142893765527120,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1288 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ag8aq.cn | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8b167567021ccb1a9fdf073fa9112ef0 |
| SHA1 | 3baf293fbfaa7c1e7cdacb5f2975737f4ef69898 |
| SHA256 | 26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513 |
| SHA512 | 726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54 |
\??\pipe\LOCAL\crashpad_4820_KCEYSJLQCXFLNYPP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 537815e7cc5c694912ac0308147852e4 |
| SHA1 | 2ccdd9d9dc637db5462fe8119c0df261146c363c |
| SHA256 | b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f |
| SHA512 | 63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96c3be0765aaab419e53e698e8d2a7c1 |
| SHA1 | bf092a077bea09c3191fe0ceecbe88acafd59cda |
| SHA256 | 03cb276b802dafe74a35c7a61d715b460d608cacb36a02498b56a1a4c7a3db38 |
| SHA512 | ba49b5b7e0ea6bcd3833f13915ec1776c3f8f8e36144129599642ce5f3fb5cb33106574e7816091d0bb8af51e3f4b79d95ae6a5552899b10d22fecb0957b1400 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4b67433f6fdaa856ba5544f68b41266 |
| SHA1 | 524a74d978427561d832bd8a771e04c3a2329216 |
| SHA256 | 1e8d6b1d24c4550c9b77da545391e4df62da7b6a668de2b494369430a5604c5c |
| SHA512 | 1dab21cb14cc45b74d909b1c85cbba30f583130eadd4486a4dc529387aafe5afb224957f7c9d8a49204b45d62cf35e0e730c3cba78ce7e4d16ac99253e570d7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c57e8656-1567-442f-aa0a-8d752e2ce110.tmp
| MD5 | 126f76177537a3e93072e4d8de0675e6 |
| SHA1 | 8ffcf7176eb49c40a4286f9fb6db2f5a89aa8a6a |
| SHA256 | 0e5807dd3263cdfda0d93cd7bcaccf98a8a49cb25103292b8c12b4e1abe405cd |
| SHA512 | 5b00325865f06a5819e639f630a13d6d2accc9afb541c590dfe5e820d4b7b81adbfcc9604d936233b7fff5dbb2c337b68eaea2d8d226073236028e96cca13836 |