Analysis Overview
SHA256
203bd32190449462c136ec7fc7b33edae2ce457040780e638d30bc5fa906c1bd
Threat Level: No (potentially) malicious behavior was detected
The file 7e48e3787ed2499e194eb3319521d6a7_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-28 20:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:27
Platform
win7-20240221-en
Max time kernel
149s
Max time network
154s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089772" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d6332306ec8ef4d8fd6e4c3600606130000000002000000000010660000000100002000000065d021a3b833af1c274cf442f1593854282e434d88995e2ae80e5be80add016b000000000e80000000020000200000002f2232a2edfcb696e8836b80660625567c76d53c4e9c5df61e8a38f329305b5e90000000b34118cb3c05cd6783e90669ba7d1379e475dd136194b3828658338b366ef1e34a17fe55174ef9c24dd2291c0ac52baa896b7954f131742ce5e90c7d8bba4df2affd61d72de38040d8a5da798a4883bf2fe63f26b7cb03a3b87f29e24a53bbcc1b8bba0a839f12180406e770beaf07d81f81ab51f5759b50c5dc3e834260681eeb187935508a681ebab9eb61d42d34b740000000b10a4c1bd5ab2251b898ed48b30a9150675786a4d6f4ca2209373e51df78713563a722d1c88f37afd2877d6675777f832455a7af01f50b8b8ca2cb4c37b537d2 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d6332306ec8ef4d8fd6e4c36006061300000000020000000000106600000001000020000000fc9b97fb75d9a9dfd101d8d9f5695ee5becee6061b3ddcd141e5f330b9f4a696000000000e8000000002000020000000b6368eac42514fdb92567c429a9e373f64d1065fcb1d929b96abda8793ae84f42000000009ea5b6033186d2b1d5f1f9104342d017732dc34316d47ae11a978ae4e0a731c40000000d9741bf371d954fee58a050405241b1aea1266ac279785e280626137002a4775ff98e3235d4f7be7f5ce70a736cb278366a8f7e797255eff305f49f73c5f80ea | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608a6a713db1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5D7539B1-1D30-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1544 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1544 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1544 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1544 wrote to memory of 2856 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e48e3787ed2499e194eb3319521d6a7_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab8AA4.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar8B86.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa98ec06d1c9ce73aafcfd5e37f5e725 |
| SHA1 | f26e08e720f96ccacfaf4b70f5ea02afdcff7778 |
| SHA256 | 7d7369301626f3bea92deb2201c4b94e70cbfdc37b74105f08eec0a9a62fb12e |
| SHA512 | 2ab3e8872fe0513d360762898efc0cb8196b18888a0616f36901cd39609ccae87cc93903f4c1c0f90d7b4e43f5a8f7443ff9a1754c74679f61cbafb895c8957f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 691c4a4cf1c15a2f336f72d429ef64c6 |
| SHA1 | a0321cc61a104b27f8dfeb0bfe94873bd1fabad6 |
| SHA256 | e6f362356f8d0948bedebdf4a97a92551d50a2f0ad36aa22469a014b2672c1b7 |
| SHA512 | 3b25772d14a5e0b3a146210d80474ebbf57a6ae340e109aa51b5bdf32b5e1b55630ca63eaf31ac14dde0677601a4757619cac753576d6f3eace345e87d24f867 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05a61771cf3d607caaa40c62f7351690 |
| SHA1 | f41ae429d87061f1317db0f1ad7a6c7daa8de7bc |
| SHA256 | 60ae1229b8a03ed107bd46959a27376c2b6de4b85409ac886f8b32d436036798 |
| SHA512 | 1ee8602d0825a9b18dfc9c49b6ddf2142c7e8ff609f0c40e567f0297143efc8574106f63c17887bcd0769a5ee795a0b0f86e5fb87a2fa6220ffa952a5c9a4e8c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7970c065f7ae447868bff21a96c3c20e |
| SHA1 | b38c66d5dd1b179ff0bc787afefd8101d43456b0 |
| SHA256 | e6b932c592a7b9fbffb69796e35bc52b631e3ee87559ba406067bc57dcab41e0 |
| SHA512 | 9249f0c28d933be8c922ddad6b4fe7877b7c4a0171668beefac62ae17de1ff1b435feda22dddca18c51b32f9f14cc798db31231bbfe82a5b446dbf0afbe923d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a35e9505d05f3c14a1b619f0aa1e1458 |
| SHA1 | db72cd89d43a5d5453ce14b0a59d1e2495040f8f |
| SHA256 | f6601793a8b0810a645787b45b09332f582ddcd0ab61ecb0f701aeafd9d7c6dc |
| SHA512 | 530cd79b5234e9a5f4fe82d45be70143980effae4ef3b210ac93899c84e290ba3e2fbe52a8c0552bc45ffe677d7cd2783ef00d4f6069729aac828f3735cddcf2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f861eac6434afd2fa363efbc56ba789d |
| SHA1 | eea09c39a2da5ad76534aa3f2b7a5bdee928a5a9 |
| SHA256 | b24f53c05ab3be82c7c543179a1bd56572c920e1c373081aede16ab891b6a10c |
| SHA512 | 3231eff68121524eb5d5bf4e03886fd73c36cf2a41178a9813a361e0ba641a172272603b20f0a14b8ea9d9b7c567e88200f4be92414e18a9a6fe9ad39b37a06e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 976af59b42bc9cfe248dcbffdc6117d1 |
| SHA1 | 410f575b2e67926cff2118842e5c19876b05a712 |
| SHA256 | 80fafec0db2c7d9fee8b7d207881a8647cb2c36a21e667de6f4493c49233fa8a |
| SHA512 | 59213c927657f2d98f2b82420537f820d9a3b8e1f4ba6b91bfdbb1e28dc89b2692c26adaccb5a04b9e9610b7e77aaf58f8b5e6170876ccb21c39ac3712bba326 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e23db2110163838f297ed0749ee497f2 |
| SHA1 | 24499a391bdcc720ab32b4c223343822c236c4b2 |
| SHA256 | 7a48923ba47107c8496b64f32267323eff02b0004d39e71297abd4c3d35f2846 |
| SHA512 | 42e93e935c6135fe3151ad260e3eece27d6930693bbfe7a3eab239b92537201af2a25efc18699ea95824e119b4ea2cc6dba98e1529d24afae773d34e0111560b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 26e583a6a3f99db3b9bfca1176340a36 |
| SHA1 | 2f78ab96f1f78d1592ef47f7dc9cb77bb168c093 |
| SHA256 | 1c00dd0432bfd2441d2804510b94c4d3fc085c7f38bf9a7bb948a7c2384ab33c |
| SHA512 | 2c20461193dec0f47aba692d979907e3370c2444c5549fae8cf7dc7a5ec01e726c534bd7a2a10c657c607cb3dcca0b22d825dcfb28af2e20d5d9c779f5c11ccf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9d57160c7752d870f724109a820ebb42 |
| SHA1 | a85ded6cf3881b2151e00c95fe57d51b3d2cf1b7 |
| SHA256 | 02336495a00a54cbe752f3c2c3ef56bf368560ceb5775b4f893d1cf662197b60 |
| SHA512 | 330296f358e52c405e48645d7e7c4e5a3727ebdc511e7a533d633c2fc38d2ff84a19fa5b020484ae5abf78d9b7e0bfa065f22c09d3677112b9cea5af7ed2a073 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 547fd3dbc7faf61260a9c3e3d609213f |
| SHA1 | 378631355dcc7a878c8ed823ce7b1e67152d746e |
| SHA256 | c1734537801d2c36f59c4ed811ea02da56276ed252030f5dfe5dacb3387ed07d |
| SHA512 | ffc11dab6976ba10b9ea106e5a51cb241e266ccc8683671e2995fa2e561236d9ce727efd5d5c4f41a1baf2fa1f5d85f803dd7c1637adacdd9dd9d73cd5de046f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0848f384326c794dd2fe0edea6f571e1 |
| SHA1 | d7b8daf23562c8d0ab4e6dffa48d3fcc6fac1195 |
| SHA256 | 95731b6ae57f9b594367fc8c41e3e398cd24b6c3cc5f8f1a7b4e9e0d1e353c05 |
| SHA512 | 081ea7c4342ede650d88498947ba8ed303113c37ec1ecc66599a8fdee84f3f7d0061a7da781ccfc6eca0d9865e91d83677f11131b5d5b6d1c5881e5917158dcc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6fc0c6bd26dee027a37091756b38b11c |
| SHA1 | 3dd2ae622e6e319b021cd870b4dfa4b1411ca200 |
| SHA256 | 760a9bc58d70f3dc93f2b0a74c1fc8730e3efee42750d36a4fd27e03b980c276 |
| SHA512 | da6096b2489ad40a0e720861a7a4c570b3dc9520e067c2aa9b497f720a495d8dc6629761562399bec69e3c0be7538116184c94c64866932e17efad0f0646c157 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ae4e08781bf4d66cca17c85594f2e912 |
| SHA1 | 4dff56b47eb909110814f9349f472220ff25a919 |
| SHA256 | 554b7496cbb6ef61ec35add77d6e3bb31ecf68d0b45fa8db81136cf6c5245041 |
| SHA512 | b3207456f73918bff07d261f308c7845c470f57bbd7498d6ebe128996b612ca09db4a87af4145e7087b111b9f9a9589814f277899220bda08923c0d5019d2d53 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6f2071d8f467543bb5a539f48320f0eb |
| SHA1 | 72d30521eaa9b6921c78aa1fbe00eb7151b10021 |
| SHA256 | d324acf96e5d5a52f5b468c9ba58d2cf36684f60072294508d3aa9b6f1506169 |
| SHA512 | ce01dd0c0cafb2d599c66bd937b0f01aaa498a139d85e3164cc041a65935080de30c390fa2a7bce028bc2f84d5e2b0c0c2e08792717147babd20ecaf18918692 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ff334a4953c8a6cd6486fac336f9f93 |
| SHA1 | c1b485a18c9ab973189b2fee0358452243b062dd |
| SHA256 | 1efcce3a0990b4eb31c07e21bfd6b9c13a6bee82b72acbeb97dad0e2db894ae6 |
| SHA512 | 67ecc49985f76d6d9e345d646e0b2db3e5704766ca895e5ccdbfefe905129b1354f9c7c73fca6da57308d08996faea5d37fd4c56204e72329ccfdd8f4026d04c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 81c0a24b6f440212f7dc15c253958aec |
| SHA1 | 0ec6d085db1af0bffaa9b66730f107a9ae1b8bbb |
| SHA256 | ce9cc541127c651a10dddcc916def410e47b1f7e31a524843470b238580c6a68 |
| SHA512 | 37c4ff3687c47c1f43b8f4fa3c266aeda27f463778f66bb685d83110aa8143926c002effda7c98c8c2e6930aebd7472203529bd749532dfef1c2f35898292e08 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7877ffe19667a9efd67936fea1bfc28e |
| SHA1 | beb11b6289281df5ac7c2940e1f43d7fdf1bb57d |
| SHA256 | 277933a1b121b17350176eb155591397162e84d3c4b60d41bd041afaaee2e5bd |
| SHA512 | 09f265e63aa3da6bf18ce061398e4ca177b6a24a1b248299a1925e2090e3320e8b16d52937f64b57802ab4780e38bfb813a059842eef342abb528faccd966d25 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1b4af6ad50dd374456f2bd0d96516e24 |
| SHA1 | 566cd8c404db0938d87e3fd6dfe549ae64c32716 |
| SHA256 | dacde23d7331fa8bf3ce6bce298974ab9c0f69a7b61414bbca08293e34890a59 |
| SHA512 | 87845d66a9d4de0fe26767b4bad14524dda10bd271f2825f5d373df8035979e477e6fe818f997c5fa7018476d090138af9641cfc6694010617e4f5545bac6bf5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a8c53d9afb38e4d5df877b6422e0070 |
| SHA1 | 75f81b70acb48378d483c3c1267e0aff1bba272d |
| SHA256 | 4f3ead4ab4cd494f5185aec91dc95a154274826030c8014f5d2dcaa05574688f |
| SHA512 | 367b182544665edb2311b3abcb1abb88907ca0302e0b8afe04418e210d62c67141fbc63d139dbb731f9c175b76532398e293d374994ce978b8ee5fb941191248 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-28 20:24
Reported
2024-05-28 20:27
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e48e3787ed2499e194eb3319521d6a7_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3216124952665678623,3160263083982987071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | tcp | |
| CN | 39.156.68.163:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_3792_FTOFGXXCZZZWTFXW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b04f8001a2234ed9e812717630c60f6d |
| SHA1 | 36b7211955b48de1dc25235ea97a17e8f696eb74 |
| SHA256 | 43d958df3c052c901e251fee45f7770026d44aa3c02e18d42e3dbf28bfd46fb3 |
| SHA512 | 683cae38f8f00a76cb5b06cd3e334088b239e9af60b8851759b594151fb1575fc1e4566642305c1193bafc36e8cd86765fe9296373c1e12a7e11829d1152282d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7bb523427c14248c114c485891100fa7 |
| SHA1 | c23533a93ddc294b4c5abe0f83bed2d6e6101c88 |
| SHA256 | d7dc1f7efcb48579676a3aed4576dca38f197120abee10f2f94efa69b982375f |
| SHA512 | 10419d7838d4dd5bafb1c7ab54a94a0e4b8a060220e8c1f6a32734ca81e9c8fff8c9d3f3753c50c5dbbac036f8e209e6a595874031b344906b41dfe1bffb8830 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53d4560a88e553f7fb08da9948f588e2 |
| SHA1 | 49683a96adac340d4b66962ac1fd9b83d1b6e707 |
| SHA256 | 3b81be7970fe3b489f323725f6731420f3ecb7c48cd995107c8a63adb055cf22 |
| SHA512 | bfb9ffe16be710f82c880259d8bcab95778b28435bf1f028fcdc79c0c174520bdf1ffbf9106d0f6f2fcdcec247aa73ffa9ac122bbfbdbc27d428d2f1b757388b |