Analysis Overview
SHA256
42463fc5982d7b00062ae935f6a63fa7e2aaf5cc6b6dce68de5c3f1a3a6898da
Threat Level: No (potentially) malicious behavior was detected
The file 7ffbce8ed4c54d5296a039c9647d6db4_JaffaCakes118 was classified as: no (potentially) malicious behavior detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:44
Reported
2024-05-29 07:47
Platform
win7-20240220-en
Max time kernel
120s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007022ade8265690429af26814f45a015800000000020000000000106600000001000020000000323d20401e5d99d0c6d939a230e0181f5c1232cfde29b998e1d021adbee535ad000000000e8000000002000020000000bf671d07bb7504d66caa14f0dfcc370e2f73c8e62e0888eda863871cd2ba1bc090000000a20269fce545534591b7d3b57d2ad25369fd21a6b79600f3d3f34d0e5526d1a1061bfb1bf2f181f2507c4ef646ffbaf63f3c9e476fb083c3189310ebebe64684889e8262d5afd1292c07e73f5f99b459cf03cd1a1332a2ac8279ef2baee545b394dfed88681d5e1a1afabd63c9ac537af763818ff66b853edc36608953d06e67b68a25667d249fe87dc8308f015c43e140000000f75f68372fedb5bf973f1f0147e3f5676a778035aefbcbc262bf61bf588d564eb2aa09ad52d1e0a5d8fd2926b2bc6615dfb786b634f6b76bc8fb455d9b9125b8 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130558" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40083d2d9cb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007022ade8265690429af26814f45a015800000000020000000000106600000001000020000000077e692670e3dd3ca7c4edc834c69bb5311cfafd497890222132932dce1f510a000000000e800000000200002000000067e38e2a4c3887aac06960768d7e8196d8631044de87f73134e609d5afc7564e200000009ee401ed56aefc0d51768b0643eb1b457561c4bf2b724a8ac476075531afadcb40000000921c8724816dd45ecd20b6bfec5d05f9a3a1803721d97869e9cec909649f65dbf640fa3733d25b3e40a8d844f114bdff3e3f125c26cccd6abfe121aa70b44dd9 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{544FA001-1D8F-11EF-8A04-E6AC171B5DA5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2360 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2360 wrote to memory of 2112 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbce8ed4c54d5296a039c9647d6db4_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
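The WriteProcessMemory rows pair with the process list above: the 32-bit IEXPLORE.EXE was started with SCODEF:2360, and Internet Explorer's frame process passes its own PID as SCODEF when it launches a tab process, so a frame writing into that tab's memory is ordinary IE start-up rather than injection. The Python below is an added example, not report output or sandbox tooling. It takes the two command lines and the four signature rows as given above (the PIDs 2360 and 2112 come from the signature descriptions; the report's process list prints none) and labels any cross-process write that is not frame-to-tab for review. The extra row it also classifies is constructed.

```python
import re
from collections import Counter

# Process list from the behavioral1 report above. The PIDs are the ones the
# WriteProcessMemory rows name: 2360 is the 64-bit frame process that wrote to
# 2112, the 32-bit tab process (the report's process list itself prints no PIDs).
PROCESSES = {
    2360: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbce8ed4c54d5296a039c9647d6db4_JaffaCakes118.html',
    2112: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2',
}

# The four "Suspicious use of WriteProcessMemory" rows: (description, process, target).
WPM_ROWS = [
    ("PID 2360 wrote to memory of 2112",
     r"C:\Program Files\Internet Explorer\iexplore.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
] * 4

# Constructed negative case, not in the report: an unrelated binary writing
# into the tab process. The SCODEF rule must not explain it away.
CONSTRUCTED_BAD_ROW = [
    ("PID 4444 wrote to memory of 2112",
     r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",
     r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"),
]

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE = "iexplore.exe"


def image_name(path):
    """Basename of a Windows path, lower-cased so IEXPLORE.EXE and iexplore.exe compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def frame_pid_of(cmdline):
    """PID the IE frame passed as SCODEF when it launched this tab process, or None."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_wpm(rows, processes):
    """Label each WriteProcessMemory row.

    'ie-frame-to-tab': both images are iexplore.exe and the target's command
    line names the writer as its SCODEF frame, i.e. normal IE start-up.
    'review': anything else, including rows the regex cannot parse.
    """
    results = []
    for desc, writer_img, target_img in rows:
        m = WPM_RE.match(desc)
        if not m:
            results.append((desc, "review", "description not in 'PID a wrote to memory of b' form"))
            continue
        writer, target = int(m.group(1)), int(m.group(2))
        both_ie = image_name(writer_img) == IE_IMAGE and image_name(target_img) == IE_IMAGE
        if both_ie and frame_pid_of(processes.get(target, "")) == writer:
            results.append((desc, "ie-frame-to-tab", f"target was launched with SCODEF:{writer}"))
        else:
            results.append((desc, "review", f"PID {writer} is not the SCODEF frame of PID {target}"))
    return results


def summarize(results):
    """Number of rows per label."""
    return Counter(label for _, label, _ in results)


if __name__ == "__main__":
    for desc, label, why in classify_wpm(WPM_ROWS + CONSTRUCTED_BAD_ROW, PROCESSES):
        print(f"{label:16} {desc}  ({why})")
    print(dict(summarize(classify_wpm(WPM_ROWS, PROCESSES))))
```

The same rule does not transfer to behavioral2: Edge's child processes carry no SCODEF, so its WriteProcessMemory hits (listed there without rows) need a parent/child check against the Chromium `--type=` process model instead.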
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.xuite.net | udp |
| US | 8.8.8.8:53 | 1.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | vlog.xuite.net | udp |
| US | 8.8.8.8:53 | f.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | 3.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | d31qbv1cthcecs.cloudfront.net | udp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3E68.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3F6B.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b7e2f3a79fcb5b0b260ab0655d7ada7 |
| SHA1 | a08d86925d0df1abb41462ec37626be95295f50c |
| SHA256 | 25bf15d369d5d9f42cbc3e226ddbe7abc9a50939fe24286c3687b32e1a01a341 |
| SHA512 | c26094b5ff7f16a2c153568bbae3bdc8976da3cd22216569b77fdf1343222fb7f8370dabd1c8e879849ed77a357f828fd500a7bf5a4ebc63ac6a8f044ecf0c51 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5fa948cd3a7a81a250682ed6974fac12 |
| SHA1 | 2946b6b66d6559ad8d87b8d0c01074031e323e31 |
| SHA256 | 754eae31d5da16dee775f629f109bc1cf6c590739e82a675405d534454882479 |
| SHA512 | 5d6999906f3dc79cd7a34344b544f9de2bc911a43da2bc46b238cf3954cc9fb6cf5494c8e1391cc87ae0e91e00d384e26b22d87810e7789403c527bcdcaf01b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea05ab4faa472b46c6297346439785c4 |
| SHA1 | 741bdca74f50349abba8b1fd19b23cf0fa72b1e5 |
| SHA256 | 4a9f1998a23ebc9f7269417aab8f41cc63a48457b012213c20648467c7552d24 |
| SHA512 | 382d80fd8fd7aaefae6f32bc67d9695a29e27cedd73f9bbdd1dedb746a0d358215db884a24f015a09339e478471bf6d3c92200e9d38e2bf2e3e21d4afc6af58b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a13c2680bf2a78a3f04ba82dd2141536 |
| SHA1 | f20d101ebd0a0660bca77508699614fa0978d268 |
| SHA256 | a623f4d38f0518d55bfc7d03b658995ed8948edc9c66ddd015a3babe9c0ec71a |
| SHA512 | a9c8b302844bfbc011e546b1984094152385ff3b7e26df52e38bfceaf60616a2cff2c7d60fd82b98a6a105996843af862aab47b47c43ecfff05508322ef795fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 443f9d2d52cbb6b5801b00b0e493f969 |
| SHA1 | 906fed93f8cb3c22e74b084de534032d298ec48b |
| SHA256 | b64e716e08ac7be9dea37d390b31e2578a01fac012099bf4f43239b035266095 |
| SHA512 | d2b70d3802d84331e03aa18dcf510f81b849879848acb1d712f885ed7651ecf6bb0e02d73b6e579f51dc51506eaa3fa1568b1d4908c6928f6785e2f0913926bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d20c21744cfae45f2b7c0b9d96ea58ad |
| SHA1 | 88575fad243d19b9ea8ab52b36051e08a198d476 |
| SHA256 | d5802b22a17b39379e9a47120ea0feee13f1b58986a2bf1d0e61a766645bc76e |
| SHA512 | 4dffac1da96a4a9f4c35670011bf6081e598770c217249fcfdf1553f1dab6e33f20ae02acb01a3ba96228d4d113613ce82aa756bbe8da212814ff715b7a403c7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88a865da48e7f2c4fb90dc5e8e184b3f |
| SHA1 | 5569aeeb3bbd4211b05ef5988168c0e0d33bcb74 |
| SHA256 | c12a817fcc8658c112974c955bf7cfe3f31a504a70d217b134b94ae625ebe4a6 |
| SHA512 | f7fa54e44114dda1002beb4578c784e2190c70d7e2b8330a9d2393bac7e290c1d5a2f56e360715c4a85a10b064890112281edc27f92c761964d03d48dd903f3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2921ed2c46a2f89ca4532c05fbad5cd5 |
| SHA1 | ba87257fd062e28029c6dab8e14030f0084fee1a |
| SHA256 | c70dc1d1effbf47f1c0d92a34219b6106dfcd18945f07cae67e5ec21be89c59b |
| SHA512 | 886ee8451017db83e98c6df43f12840301b08c200dff39697714b085b70809e0c1ace9fa6c096706a36a34cfe721906529b5239240ba7ea8e1ded354cd618643 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fcb61b091e993bfa461accc4d2c3f2a5 |
| SHA1 | 01b60ea5557c440e295947209d8980bed7cdfe88 |
| SHA256 | f3b968f9912ef2e1628c7b4b9a5c3920a50f8ecdd38bd2f832a6c75e52901bee |
| SHA512 | 2b7cab3c8e8a36f1811396e36cda78b8e50b4e3017ab77df78ceac0fab9c9e270483ab05a97308f1a3bced00380f7ee1608eb4ce0ca7402b9d7baea161b3ce16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dea9728c7885440320b4c8a9ee2595ae |
| SHA1 | 9395d0d151baffdb34a19a8ac8dd59d8a17e1135 |
| SHA256 | f882a80b5a36932cded5c9fa43fe7421b9fcad8830eb9165ced8bf9856484d92 |
| SHA512 | 5da58ca5f9613a4e75ca27cd17883bbe6e520804b8229343709a1db1ee23737bedbf212523e3aebb33348c91cd27a108f1eac7dce6121a05563d676b308a76dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3fd22f7ecce39de1d19b55635cfa3d1 |
| SHA1 | 43868c74324f65240dcbd2cf992b975203a59976 |
| SHA256 | 733a8a55b80e81c46e03860782eecb9487915023f511a655d237b1f28a1efe7b |
| SHA512 | 986a0d9806f02d9b099a4a051902b9a70484726faecf7c4361226965e5a462ff85c1f2df4b364ef7672012fdd769a4015dd15dff0d6d7a3aaef2280a7205fa76 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af5bb2a942e41d8ed5250645ced48cd2 |
| SHA1 | cf15ea1fc0b3a1648d22ae20ff9f9873f0b92b46 |
| SHA256 | 35fec13e3cf8f4b97cf151c2e35182c0d3ba0723a515da999dcf9bb5f39ef523 |
| SHA512 | 51ade756a7c3cbd0c4f116b7393c59b2d55143b611db725463441097ac85c4bd412abe9e2dda4161eb3b83f2840ad4cb49cdb191e35e03ba793825f8c1f44de8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ecfa2b66d266b375578b34f7076e96a9 |
| SHA1 | 5b33c1bdbb8a06889ea6b5b0619833dd446b05ee |
| SHA256 | 6f2e82bc7091b8964bf9f3a2e016ec19ebc87ba99125566b090310c84779c638 |
| SHA512 | a6b5e3ff0cb2d0e7def871ec8fcd468f73d3be1251a51967892aeaab607b8fc1cd06abf98172149b5f15ea9d1c290eeccc996a1288e5d140d2c1c00dd27434f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1dca48d0b287e9363237633ea836dd01 |
| SHA1 | eada84a3c50223d9512a128167ba4f11608e36ee |
| SHA256 | d75e6445ad2fd5dcbb0ea00b640be1f22f06a8946272b65cddf04c1f65f94d9f |
| SHA512 | 38a0985f7a77f0166048e9604579dd0136e6f431a76e259fce4c3e3f8350fe2bdaaf55c87d267d9f99bab80abc1c38814de6e43b437c600141b31a267875263f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 191562ab8eb7744d8584b645e8bf86c1 |
| SHA1 | 2604aa58bd5b90e237fde90726b68f7442e12a36 |
| SHA256 | 00e4a269786f8ae506e695590d3e15bb4cd4e25e51848c36d41e1fc03f1dbb67 |
| SHA512 | 594364945dac122a24932cead2c0373ab4244eeb18bf8e6909277ab79cdd91d075dd5f8156bf56feda16c2e87b6ce61bc608200d36231b3e4b4fd3209d7f5f40 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 31d70afc326cc35199e54ba00448d6e4 |
| SHA1 | 323021c6d4fbc5a9bdf9532fd64c43180e5321c8 |
| SHA256 | ee8f3b46a587e77d89f836dabf16cdc2cccf4a6acf153ed12ade9df3d84bcfdc |
| SHA512 | 8739795cac5f0321c83f108a22180b75b43378fe8af88e75e5a04ac6c9bed39b063e900bed7acb442170fdd0f1bb372d42b54bb2b7fc24db97e2615fa1dc67be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a97fcdf82adcccd3bca7453b51ba7a44 |
| SHA1 | b069cf79b8a9f43fe5796ab77bc84c9edde3fca8 |
| SHA256 | 2b82f50f10fdfdf988ca7619d03007f0a6e0445c937ca0cf85b813b9e655f815 |
| SHA512 | 208207c6b7d1c68515c6770ebf15bab5ce6ebd2d6ce17760343ade6af44f2110f7d5d46221031a16432e4d311d50c07b2f281b856d4c8cff0a5b82c2a48ed9b9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 100911019bf18e998298605a6de78bf0 |
| SHA1 | dc29fdda01e4d99c31529ae740e4dda4239f9d93 |
| SHA256 | 7c3783df3c685edc93a936be57424df51f11c1200c0bc7c282c764b0c6f97840 |
| SHA512 | 5bda80dfa68d48742db9336a6a2d710a2b914fda27fed3322c963e7e633c53d51c4a7fc446bd5d12ee654dbd610fcae74fd7f30dee1aa0f3e94dc5824d40ba01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbbdad97208eb00e607bc6272d37ae13 |
| SHA1 | a96b38a467d531673ab3aee6288d5726cb7b9802 |
| SHA256 | a59f4f42e9e59333f122a5df95a330b1c1077f978fbea7f0fbae056f245cebb5 |
| SHA512 | f163bb2cc9bf22c324163aa854c78f62aeac2c12adfd3d764d62e6a870f380ed4703e0d24a4769f15b3862352587e5686e16feea291b8e6db422d4768e924ac0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 07:44
Reported
2024-05-29 07:47
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
138s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffbce8ed4c54d5296a039c9647d6db4_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0ffb46f8,0x7ffd0ffb4708,0x7ffd0ffb4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6795674987943750466,236491850208739840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | img.xuite.net | udp |
| US | 8.8.8.8:53 | vatrack.hinet.net | udp |
| US | 8.8.8.8:53 | 1.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | vlog.xuite.net | udp |
| US | 8.8.8.8:53 | f.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | 3.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | d31qbv1cthcecs.cloudfront.net | udp |
| TW | 202.39.224.124:445 | vatrack.hinet.net | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vatrack.hinet.net | udp |
| TW | 202.39.224.124:139 | vatrack.hinet.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
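Two rows in this table are TCP sessions to 202.39.224.124 on ports 445 and 139 (SMB and the NetBIOS session service) for vatrack.hinet.net. A browser rendering a local HTML file has no ordinary reason to open SMB to an internet host; this usually means the page referenced a resource by UNC path or file:// URL, and on Windows the resulting session can carry NTLM authentication for the logged-on user, so these rows deserve a look even though the overall verdict is clean. The in-addr.arpa names are reverse (PTR) lookups, and 224.0.0.251:5353 is mDNS on the local segment. The Python below is an added example, not report output or sandbox tooling: it parses the table rows as the report prints them (including the mDNS row with no domain cell), buckets each row, and lists SMB/NetBIOS sessions to non-private addresses for review.

```python
import ipaddress
from collections import Counter

# The behavioral2 "Network" table above, row for row. The mDNS row is kept as
# the report prints it, with the protocol in the domain column and an empty last cell.
NETWORK_TABLE = """
| US | 8.8.8.8:53 | img.xuite.net | udp |
| US | 8.8.8.8:53 | vatrack.hinet.net | udp |
| US | 8.8.8.8:53 | 1.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | vlog.xuite.net | udp |
| US | 8.8.8.8:53 | f.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | 3.share.photo.xuite.net | udp |
| US | 8.8.8.8:53 | d31qbv1cthcecs.cloudfront.net | udp |
| TW | 202.39.224.124:445 | vatrack.hinet.net | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| FR | 142.250.75.238:80 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 238.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | vatrack.hinet.net | udp |
| TW | 202.39.224.124:139 | vatrack.hinet.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
""".strip().splitlines()

SMB_PORTS = {445, 139}          # SMB over TCP and NetBIOS session service
MDNS = ("224.0.0.251", 5353)    # multicast DNS, never leaves the local segment


def parse_row(line):
    """Parse one '| country | ip:port | domain | proto |' row; tolerate a missing domain cell."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    proto = next((c.lower() for c in cells if c.lower() in ("tcp", "udp")), None)
    if proto is None or len(cells) < 2 or ":" not in cells[1]:
        return None                      # header row or something we cannot read
    domain = cells[2] if len(cells) > 2 and cells[2].lower() != proto else ""
    ip, _, port = cells[1].rpartition(":")
    return {"country": cells[0], "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def classify(ev):
    """Bucket a connection by what the browser was doing."""
    if ev["proto"] == "udp" and ev["port"] == 53:
        return "dns-ptr" if ev["domain"].endswith(".in-addr.arpa") else "dns"
    if ev["proto"] == "udp" and (ev["ip"], ev["port"]) == MDNS:
        return "mdns"
    if ev["proto"] == "tcp" and ev["port"] in SMB_PORTS:
        return "smb"
    if ev["proto"] == "tcp" and ev["port"] in (80, 443):
        return "web"
    return "other"


def triage(lines):
    """Count connection kinds and list the ones a reviewer should look at:
    SMB/NetBIOS sessions to a non-private address, which a browser rendering a
    local HTML file has no ordinary reason to open."""
    events = [e for e in (parse_row(ln) for ln in lines) if e]
    kinds = Counter(classify(e) for e in events)
    findings = []
    for ev in events:
        if classify(ev) == "smb" and not ipaddress.ip_address(ev["ip"]).is_private:
            findings.append(
                f"outbound SMB/NetBIOS to {ev['ip']}:{ev['port']} "
                f"({ev['domain'] or 'no name'}, {ev['country']}): check the HTML for a UNC or file:// reference"
            )
    return {"events": len(events), "kinds": kinds, "findings": findings}


if __name__ == "__main__":
    result = triage(NETWORK_TABLE)
    print(result["events"], "rows:", dict(result["kinds"]))
    for finding in result["findings"]:
        print("REVIEW:", finding)
```

The private-address test keeps the rule quiet on corporate detonation hosts that legitimately reach an internal file server; on an internet-facing sandbox like this one every SMB row is reported.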
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1412_YDHEZYIWNTASKUJW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ca8625367a926ac400d2cfc7f21fecf |
| SHA1 | c2460c666465ae82205b4e3d50db5720e9e6f109 |
| SHA256 | fc0308f56d4d76776aec89ad44617bf3392ef8921f784f605314f775d4b1d4fe |
| SHA512 | 340f0927f9b5eb0c5c15d955c3fc7460eb596c541b4c3ca345224c5d85e8d72d1ab4098a9e600b0eaa81d19dacef40fba16db43ec4d0ba0d80d33e6ec8b9d738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85f441f422430a7c813d7f34bb8a51fa |
| SHA1 | b5f001bbeb3ec6b069d24eacc510188c1db11450 |
| SHA256 | d262c8e36106469a065515468b9c946f293b1a3c4b68553bb39c76541bd06cf6 |
| SHA512 | 179669cd3db43af1ab4cae41a3103e3872490075179d152e8a4bbb1bf77e9ce4dcf30c051006a7ab5843f89d171d0af03ece7501922ff0fed87f53919ed8a3af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd8796c6efc43c58da75f8aeb76c5c80 |
| SHA1 | 6084d194bae2bad816069f04a3c59c2fb16a69de |
| SHA256 | 4a6ff5cca0979760ef22ffb207a715d0ae759ae26e2b82201db51704c33ce2c7 |
| SHA512 | 7c00112e5303d670cb50d7d234ef56f91f7dcea2dcd7e04516b4ab502d15f78def3f1f57a521e85fbb17e66fdb68c32e910faa9982ecfbeb4773d007ecf62751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
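Several paths in the Files sections appear more than once with different digests (settings.dat and Preferences here; the CryptnetUrlCache MetaData file in behavioral1 appears nineteen times): the sandbox hashes each version it sees a process write, so these are successive states of one file, not different files. The `\??\pipe\LOCAL\crashpad_...` entry carries the digests of zero bytes, meaning the sandbox hashed a named pipe with no readable content. Both are easy to feed into a threat-intel lookup by mistake. The Python below is an added example, not report output or sandbox tooling; it parses the behavioral2 Files section in the layout used above, verifies digest lengths, recognises empty-content digest sets by computing them rather than hard-coding them, and returns only hashes worth pivoting on, grouped per path. The malformed entry it also checks is constructed.

```python
import hashlib
from collections import Counter

# The behavioral2 "Files" section above, copied in the report's own layout:
# a path line followed by one '| ALGO | hex |' row per digest.
FILES_SECTION = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_1412_YDHEZYIWNTASKUJW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ca8625367a926ac400d2cfc7f21fecf |
| SHA1 | c2460c666465ae82205b4e3d50db5720e9e6f109 |
| SHA256 | fc0308f56d4d76776aec89ad44617bf3392ef8921f784f605314f775d4b1d4fe |
| SHA512 | 340f0927f9b5eb0c5c15d955c3fc7460eb596c541b4c3ca345224c5d85e8d72d1ab4098a9e600b0eaa81d19dacef40fba16db43ec4d0ba0d80d33e6ec8b9d738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85f441f422430a7c813d7f34bb8a51fa |
| SHA1 | b5f001bbeb3ec6b069d24eacc510188c1db11450 |
| SHA256 | d262c8e36106469a065515468b9c946f293b1a3c4b68553bb39c76541bd06cf6 |
| SHA512 | 179669cd3db43af1ab4cae41a3103e3872490075179d152e8a4bbb1bf77e9ce4dcf30c051006a7ab5843f89d171d0af03ece7501922ff0fed87f53919ed8a3af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cd8796c6efc43c58da75f8aeb76c5c80 |
| SHA1 | 6084d194bae2bad816069f04a3c59c2fb16a69de |
| SHA256 | 4a6ff5cca0979760ef22ffb207a715d0ae759ae26e2b82201db51704c33ce2c7 |
| SHA512 | 7c00112e5303d670cb50d7d234ef56f91f7dcea2dcd7e04516b4ab502d15f78def3f1f57a521e85fbb17e66fdb68c32e910faa9982ecfbeb4773d007ecf62751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
"""

# Constructed entry, not from the report: its SHA256 is one hex digit short,
# the kind of damage copy-and-paste does to a hash before it reaches a lookup.
CONSTRUCTED_BAD = "\n".join([
    r"C:\constructed\example.bin",
    "| MD5 | " + "0" * 32 + " |",
    "| SHA1 | " + "0" * 40 + " |",
    "| SHA256 | " + "0" * 63 + " |",
    "| SHA512 | " + "0" * 128 + " |",
])

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Digests of zero bytes, computed rather than hard-coded. An entry matching all
# four was hashed on an object with no content (here the crashpad named pipe).
EMPTY_DIGEST = {algo: hashlib.new(algo, b"").hexdigest() for algo in DIGEST_LEN}
HEX = set("0123456789abcdef")


def parse_files(text):
    """Turn the report's path-then-digest-rows layout into a list of entries."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            if not entries:
                continue                              # digest row with no path above it
            algo, digest = [c.strip() for c in line.strip("|").split("|")][:2]
            entries[-1]["digests"][algo.lower()] = digest.lower()
        else:
            entries.append({"path": line, "digests": {}})
    return entries


def check_entry(entry):
    """Validate digest shape and flag empty-content and named-pipe entries."""
    problems = []
    for algo, n in DIGEST_LEN.items():
        d = entry["digests"].get(algo)
        if d is None:
            problems.append(f"missing {algo}")
        elif len(d) != n or not set(d) <= HEX:
            problems.append(f"malformed {algo} ({len(d)} chars)")
    return {
        "path": entry["path"],
        "problems": problems,
        "empty_content": all(entry["digests"].get(a) == EMPTY_DIGEST[a] for a in DIGEST_LEN),
        "is_pipe": entry["path"].startswith("\\??\\pipe\\"),
    }


def versions_per_path(entries):
    """How many times each path was hashed during the run."""
    return Counter(e["path"] for e in entries)


def pivotable_hashes(entries):
    """SHA256 values worth searching elsewhere: well-formed, not a pipe, not empty content.
    Returns path -> list of distinct SHA256s, one per version written during the run."""
    out = {}
    for e in entries:
        c = check_entry(e)
        if c["problems"] or c["is_pipe"] or c["empty_content"]:
            continue
        out.setdefault(e["path"], [])
        if e["digests"]["sha256"] not in out[e["path"]]:
            out[e["path"]].append(e["digests"]["sha256"])
    return out


if __name__ == "__main__":
    entries = parse_files(FILES_SECTION)
    for c in map(check_entry, entries):
        flags = [k for k in ("empty_content", "is_pipe") if c[k]] + c["problems"]
        print(f"{c['path']}  {flags or 'ok'}")
    print("versions per path:", dict(versions_per_path(entries)))
    print("pivotable:", {p: len(h) for p, h in pivotable_hashes(entries).items()})
```

Browser profile files such as Preferences and Local State change on every run, so even their well-formed hashes rarely match anything outside this detonation; the check above keeps them but makes the version count visible so the analyst can decide.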