Analysis Overview
SHA256
1ece3b42544c397517f58085fceb2b3aeadb7546676a6de4bab943d1d20e6ce2
Threat Level: No (potentially) malicious behavior was detected
The file 7a17f95b775797060d44a33ee1de9527_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 18:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:32
Platform
win7-20240419-en
Max time kernel
142s
Max time network
144s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2D83DE21-1C57-11EF-AD38-76E827BE66E5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000004df9f690a8dd17aa50e0dcaf04a017db8eeaecae78a1df4c518c24295d6ee972000000000e8000000002000020000000cca90304a2ff568e901179a320dabdc84497fafc205636121fc46c5363dd114920000000bb2ff68b2c9f788f9dd6017e3ae571aa1619f8326d0918b88503e8a22c1818fb40000000fdbb3b150ed2e698b8d1304669f343f18d35946c93c1b7bce10fc192fec641284477dd7e07b30635c652e3b9c253afe10d89fdd21c6483938f76a7d7f93ce849 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00dc00264b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000e5c5dbfc06fae76ea2e5c312a272ff9b7b7e5397788886dcaa2874d829257911000000000e80000000020000200000003608eb0c073d1b52be1d86211ef0d555605ee9ec673c5f30d1a867e9976bc47190000000d356b6eaedd46da6e96b406015f91d87f185c4a9e405e71305c2d69edf92141164927e4d9126838e34d3fd1b7217688299acc6092b9e453acf45dc42395f2dca60b496e7e7fee790c59e3ffe98751375bfe1501bad93dedb2ae4340e7ef18cdb526a5edf608d6c528be4ce058a78ec59ca255dfec65187dcfd37b498c6a1ea2c2ef00e9cce28a839c7067d7cba58db534000000084d429e2e0b10244c232fc1670711d597f7551ef3c31191b25971b170d6e1db01e1b2350971e33e09d1db680da6e1e95d4d8ca93dffd49eaad2d0f324b446b94 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422996490" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2236 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2236 wrote to memory of 2264 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.palcomix.com | udp |
| US | 199.168.187.55:80 | www.palcomix.com | tcp |
| US | 199.168.187.55:80 | www.palcomix.com | tcp |
| US | 199.168.187.55:443 | www.palcomix.com | tcp |
| US | 199.168.187.55:443 | www.palcomix.com | tcp |
| US | 199.168.187.55:443 | www.palcomix.com | tcp |
| US | 199.168.187.55:443 | www.palcomix.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab21B5.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar2227.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4eb70fc2ff528bcf11a88e46025a9a2 |
| SHA1 | a15667995093313cbbbe3c0dff11b7c94f82df33 |
| SHA256 | cbc63a1f7428666dd5832b4e3803075352535f7b15cabb59b4c54edb42ce6c50 |
| SHA512 | 82c409723582c73d39752b7b3d5cd54847f00d79e8c33bdfbd3857ad2ad1b82f1f571c35ae85fb8994261b19b14c587b5f0a58da326a32586a68d29d348c2333 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 91a999af776c0e65f00a3bc9d4c46b6f |
| SHA1 | 236cb6c375236d526af36e9a6b4eb7110803a998 |
| SHA256 | 88197a0c312601d746e6d16647c409afd136ae24fb16856ae6c698758ee41777 |
| SHA512 | ecf60fe88cc5342e59f1f921ff85753da5951ec043f4b0a126c64b058149240b035df50919cb4a8bc5c81984bc1534088d611eb5c2134aa1d5d6657cdef815e4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 877c2dc4ffe348cae14855351d6cb27c |
| SHA1 | f97e0a4e4b91de15e95fba8f32d15157d5bec7a4 |
| SHA256 | 4676c74a329d416ae2204b911429e82c1eacf15ae99f80e13981272bcf1799db |
| SHA512 | d26ab1fd1a77fa94484bf134f731c0af7c7d80c0008d6e82611252a3bfcef303e4d19307714700d63de0dfed959f5a4d3c420cb47cecf1b11e27278c566c8649 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 15214416fa75b0332cc46d084c2d12a2 |
| SHA1 | 397312595695ae5441bf464a1c828ade52c17e6e |
| SHA256 | c48c37c569118e075aeadb0064dd0cf40f9344969394b0cc26b4d61f363e701c |
| SHA512 | cceeceb1bd677debd43e9573958134ac9e589613527d53a6b4d2720c6813b2b3145e8720b73fbc15304fe4b2799373e5b3907fcfebba06a5c3c80b1a74e32116 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88e93dbdc39dbbcac7706b0d3a7c33a8 |
| SHA1 | b81169228c3cf442cc211693713c71a0378bee6f |
| SHA256 | 4c902b7a28b483cfab7be3ec105f07c5e3a2a4e1463657b65267ba4ae587a628 |
| SHA512 | 5115afa42cd656390fa564ba543f9dc43bf9cffb25c4dd5c61472417aecfdd043788b69f0428891bcea5deaabf63c06e442342c3e8d4c9ec89d061d1a428ab3a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0fccc7e90ff8d92e6f9e3f540adb4d68 |
| SHA1 | cbdae2c55dcb8d86ae72162e254e710f957ac4dd |
| SHA256 | d228eff366851ec97ef93e9307004e9760d7c1374649464f7f4b5ee9c0d6c4ac |
| SHA512 | 6b4490c155cfe5a2a52c5c50c182b5127d53a86d5175e3b28f7315cabbb6aa87e002851b12614db9a29c4bd71382faae8781c74d7e64b6406226abb29f6172b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17e4767ceb96d5ca5065f32433495d89 |
| SHA1 | c83bf064ef28383eaa86210f99593594d8b3b7f0 |
| SHA256 | cf0793ae1f8886251f744844326d0db7cd157e5a0a3c12e67dac499ff2d2697e |
| SHA512 | 7d37c127d341ccd8ca1e55396389ec3ed26f5357603c909c9c93302129d60b035ae3dd09fdfc7a73d265e9eda57204c03cd3364cd3084e4d5ef07992bfb1aa36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19511ff7bcfc9706daeaf6d575140c27 |
| SHA1 | 82b1748a4cdb8c6d79ea5f00a952c172074cf27b |
| SHA256 | e0080a8fa40a4bbe9ce28303ef856bc4548a5bb39eb06b07f6de6f486a9baf01 |
| SHA512 | 0f40f7b8698a5e941ee2bfc8547a794c685e91cbce5212c038a1cb50d182b8b9716bdbf91dfda83fe4dd8ec6666b7c545bd4dedf966bed615cec2c3bcef27b28 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | baafefa7cd84e7fdb204daa55b27e748 |
| SHA1 | fd84f671f46d06ca713c4787e4bab2a3667da42d |
| SHA256 | 7ece4ce82c8a0e26b321870f56ffb6f7d081b10cb81067b7f8c6288438d2dd80 |
| SHA512 | 5a79eceda80fec5f8d7a99fd08f9f81bb8b3f2200c91daf13034033cd16a5685a7ad1ffd386cfa7c6c9da8cd2d6525f4244f321a1734955bd8f860602faa3571 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f715d70ea25cebc3125b2b8f6bf6913e |
| SHA1 | 356e746b2ca1eb0d45ecc61261df269241e835dc |
| SHA256 | f6c6816a596c6fda3f0ae1ba28026fddff0a2be0250cc7cebc7105add2e675e0 |
| SHA512 | e93733537011aec4c81ddeb4a1bfd9149e0981fbcdb661222e4377dd0cabd19067bfee2005121bfa91413f5e6d085f2c23b7ca737a6259de9081a47707d6ca93 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2bd05eb73bf29b024d5899ce06931212 |
| SHA1 | 0b76431d3fb971c393fc1dc29a848d2c2554ae1e |
| SHA256 | 22c23ea4772a45c14aad10a586805654704a785dc50215837657477c9be3dcb8 |
| SHA512 | 5ecc06f88a50004060518c5ff014363ad8199173849719142c3512f54522c9a27968eab42ef2340c3c759340169d4516b74a4abf8f54991f66090e4f5dc1cbca |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c004f6ed789bddd557f384c1ded01383 |
| SHA1 | c433b4a602c1c5b49867881450ea3bd27cb2c30d |
| SHA256 | 94a32af936f3a343cb99fae880d3485f93b27728ac737c39c8806e941bfce049 |
| SHA512 | 56be5180d9c41b52cc5e8bff5b3e171d01ffd174cb40ab54a9a75d2eda2c14d7ee73b6925ff519539d3b5d55a7542a1f9349ff2333be85b38485f5ee84c510f8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8648874fc558f45fb3e1c26c9454aca5 |
| SHA1 | 13fbbb04c74ac9e65e1c690472c9969f3495e08b |
| SHA256 | b30527f9a104310a357b2e2578bc6f46e6cf8aca1877c4c33ac58a99889d1bce |
| SHA512 | ce09db6615ff879270b803aadae89dbd620b9fd9fe48fb532e594701145f21f5e3511e1e66d12ec6db918b694cc1008e7d2ccbb985f233a52ad0234067be1842 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90b3d97e26bffa95b8123fa041ab9da7 |
| SHA1 | 9c96a1af277b3f58edbffc8be44f83ed6111667e |
| SHA256 | 1c7aad8822863084364c2d851ebb62b751bdc1b9f7abc0a5b3b3e0199cd24472 |
| SHA512 | 80bd2f74ddf156284c29f2f3690cbe47057141fbcec96539b7bf9c00b2275632169e5bcee6a9aff20121446387547a7ce5e79c95cf9cbf6edb20267ab284529b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7f52e668fec91f3d568c77ea1d15570 |
| SHA1 | bb998e1f2b44ff89809e6d69206319383397bfc3 |
| SHA256 | cf4f8d90b2848d48de89ea34c37e2c7718de8c18d06f3b29efdbef6dd9f83cbc |
| SHA512 | 064c72fe127299c02ff27ec567bdc4292d72b7f989f21d6e7f599df5343f6aaab8910258f5369e7759062aa99606d20dc9e7a7947b3396622f7717021b336ec3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b82f0785c5ab1499c9aa902cee0db3c |
| SHA1 | 246c379d4f698ac01da0461c8d11b6584b242597 |
| SHA256 | 7c7a8eca69011662e134efb39af886f331f7042938b4b07690dc0a74f3094245 |
| SHA512 | a8e6184a642bf97447e6d2b3af9789ae1f69681e5ce12615ca2c87fc089a9563cd9dbc3bb07b90022e43e8b342e845f168e6491e20420eab98e52e11f5be19ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2030326b8a7caffdaf5782ce73d9892c |
| SHA1 | 5fb82b21a43bbd57d77a7406e1541147ebfb6145 |
| SHA256 | 9d16fcc81593f5e96cfde27519df37e48824b2b876074acc4f2075318f3aa4db |
| SHA512 | 3f7e21e2db5dc9bf971f5e8092d91423cc5bac763d9df771f0f867411f04260e7de4fdc81d6f09e64a0ad15632c0517d3c3ee7eef06445188eff6b7e054a3f59 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 50ceff18a16a84a5296640ed1c476082 |
| SHA1 | 6cfd26eaa2fac420b344ff4fc9d7a8ad8f78f97f |
| SHA256 | 8bb12db54fc0034b2053f0de757fa430733f0234aae7fb232878294069d02434 |
| SHA512 | b18422d61d907148bbfbe396a4c5b50199479476d6fa2d780558588831362aaa6769db010883c1c26b82eb262aa3d25232bf3f13c7124543a64e5ae2d6de44aa |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 18:30
Reported
2024-05-27 18:32
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a17f95b775797060d44a33ee1de9527_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6915246716942469490,10463902866096089973,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2992 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.palcomix.com | udp |
| US | 199.168.187.55:80 | www.palcomix.com | tcp |
| US | 199.168.187.55:443 | www.palcomix.com | tcp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.187.168.199.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_1976_EQITMQWIBSKZLRZL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 21a0fe91228ad267d63424d9dcbe64bc |
| SHA1 | bfef58db2ec0a662100a09ab391efb2bb9adac11 |
| SHA256 | 83dfeb022e2dac7b8682a622d1e855b63b732e94f074cc7cedec93bf0cd7a4d8 |
| SHA512 | 47179103a9bd16adcc490c741647a53959509766903f98b783e178b7fe1a992da57f22421f29eb4c1d31f1bb55d64b618e8b3fb16744750e48148bd719847186 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\526fe35e-ca0d-4c43-9d7c-d5900da7f653.tmp
| MD5 | 80e666c56cd9493ea7b046183eb05b24 |
| SHA1 | 14443f930f43bca708f399f4ecd49634bed657d9 |
| SHA256 | 751fdc9f7c31cd1c2c9e5a8eb5290064b0618a7416f2d6ddba21162b104823f3 |
| SHA512 | ca2e09e0fa276197c748f748b736608748a770722337700bfa4ff256f8518359df7d65c0675808af5cdb89891f2da8dd708cba8af6d0b044c8d26e6b404a7493 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | beea763cf161216de4b1f72e85ffa067 |
| SHA1 | 753c1c6226a427ef0d38a021ef49782d201db26a |
| SHA256 | 527afd826464e70e2550273187d7f968d418f22db720ac93ade550c4b2a93071 |
| SHA512 | 94b72bf0c20794c0ea9fd795f8585ef2c758019710ce1dd1a26d6c158fb5761a5cf59b92297c184dec49481ff899c5d1cc22a8779a121558a0d2a24767a9590b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ae7970d7cb23e8d5ff36b55c21a35431 |
| SHA1 | 1acd92df092164e89173fadda2a95e2f323f8d99 |
| SHA256 | 913cc5ba75a133076c4b2ade6ac48e52e1ea2a0159db267b157236fbb186f04c |
| SHA512 | 96769e54c91a1d5e54dbcebcf61dfa38d3ecd463b90163eb8e5dc29e1f288730789f4d238667d07369786bf10390c77158b99718eafc7d86b69dddcf45d8d857 |