Analysis Overview
SHA256
40b9bca9c816a1342cd6b0035a09f3b33677686b56c3f22c587a305ec4fbe3cd
Threat Level: No (potentially) malicious behavior was detected
The file 7a32d6a8c4950641d56fec8aea708250_JaffaCakes118 was analysed; no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-27 19:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win7-20240215-en
Max time kernel
134s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6BD32F51-1C5C-11EF-B411-768C8F534424} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422998742" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082c51b95f5e76041a15c58469be850c000000000020000000000106600000001000020000000ce049f111154377f0ef985801c636094f66f6821ed90235d867ff29817a8adfd000000000e8000000002000020000000c3ba03ea270c37527f9f8dc45b83598f037fdd50a328e8970d873a29a2350cc120000000e22df419350f2b11ed5f972639212334fc15820c2f466741ad5b479cbc882a0d400000007231273b1ddb8e5f42608ef65caec4366d6bf52f49c266982d32c6a82679ceee28a9d87359b0b67b541b3a2bf13799a451db4561db2542e1f3be85610fcafea1 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 007d8d4069b0da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2240 wrote to memory of 2640 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7a32d6a8c4950641d56fec8aea708250_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2240 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.93:443 | party-nwvqdtumtz.now.sh | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab26E5.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar27D6.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-27 19:07
Reported
2024-05-27 19:10
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a32d6a8c4950641d56fec8aea708250_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc63f746f8,0x7ffc63f74708,0x7ffc63f74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17386474085644877776,2272251511420814491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 76.76.21.142:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.164:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.136.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.21.76.76.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_4696_RLJWQZRFYVLGRHIF
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State