Analysis Overview
SHA256
6a2dd56521678b9b5ee3fa15af5e407b3e4b3302b8d7733c8fd4dc4a0960c441
Threat Level: No (potentially) malicious behavior was detected
The file 7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:47
Platform
win7-20240508-en
Max time kernel
138s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000579c666a16a2705a217cc3b7cd73c3b789da314038be2727906dbf41a91989a9000000000e800000000200002000000098338de46bd5d8f5b64ea9f5b3c6df8048a613b1e37e2a47761c0f8756eaf361900000009140e420a79d7c4cd69d956c8cdeee5410fd8afec60d64a6ed560143629d521e4e860301c850a3eaa1f0670b3ee5d2c8efbbe3b7e71c6ec9c152c6487315cc212e7d9a91fba55abb964ff10db8cf114245df3b6efaa671c71f1855d7765f9cb39aaa7efd5275b7445d0458c6d63a3632092fd5e58c3b8b2b0caa03fce80606722167bd6124bd50824e8c7ff150aa3b8f4000000090901deb0dd0ce6712f57d1ae848611e5b28464fae022a31fcc6c13bd4dee5550cf8e6eb33d4a14b52f3e05459e591e95749729ac98a5f1d83847669f06ddaeb | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000007aeda2a3974f63ba3cecadf192cd91ed9e940d6e08aade895c58cf69bf5c014000000000e8000000002000020000000e24e254a5acfbc078bf7242d6ac6b2417ff4ce9dd81f483976d64320162d5df520000000b83917c30e936bba833ffc0eb5345421c7e202c6fb0b4a07a8959df2d611216740000000298cbaaf130599aff40d77415a2c831a3cd690413cce596056c20845bd55ee77f917ce333b3b5421ef370f7bbdb5088ee082bdbc727762881a86dcbfa2fc0554 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104772349cb1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423130577" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F938171-1D8F-11EF-ACD5-4635F953E0C8} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2136 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2136 wrote to memory of 2924 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.experiencepanama.net | udp |
| US | 8.8.8.8:53 | www.knotoncallcharters.com | udp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab31EC.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3280.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e9231ff6d743ee065ef711c38421a852 |
| SHA1 | 287415daf0a955a69cad04a6a42d669322ee77b6 |
| SHA256 | 776118ed91e602e4a008672a6390baccbfc4270cef3b2313413bed7033274f58 |
| SHA512 | 81d2e14fc246636021bb67e64ac14492ad1945f2d463055697b7bae8e06c87ccd8590b66c67ed9074f305fee535f090747a346e1487a1d700f89b0f923a0a150 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c9d21859acdf997d9a16d631a22be81b |
| SHA1 | d1eec8c6b99589279f23a29f388fa944a949af52 |
| SHA256 | 6a9e5fd68b394815a46d2cc88c21be05954c79e235e77d8438cae3e6f0f22343 |
| SHA512 | 88205bf7e67830e8af3615548528215bfddf73592e291443554fbe114df5c737e2832c227732dc433340f7b0763a138f60713561dfac72734ee7c376d93774dc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ec97944d8f969f1a26f188971d071c4 |
| SHA1 | 678caf8a11bc70dae53dc1569d082a5302652d4d |
| SHA256 | 29a5bea7fec589b26cfedb5b71c4a0974c601631c02c3ab45bbf627e25a655dd |
| SHA512 | 1e8d2dd25009052045a06e12914ef73d671e5074c81930d790ceb03346efcd43b3a60c94c6628bafa3c05982d93ccbaad4d7a884ebde1da0e51c73a53cd9efd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1efcdbddc47fb69d4848b7889c3ee7bf |
| SHA1 | 6129cfeddafce9947e1c5b3aba320bb32a92248c |
| SHA256 | 9172b000892ebe5adfe0debc7b6cf6d11e272d4470bf528d11281f5b1d75f8c8 |
| SHA512 | 6e1c0e6310c4687aeec5619d567739d99c69d08ac90c9f90bc5e01fa5fb5738748a0b044b778e97fe46b5fcd6d70c20ec7c7e1a78d21003a1773ad4e792311b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | de6253b1fe1b2609109bf614a9fe46d2 |
| SHA1 | 06912628247707eb0d3c81a0415b79e1a7c1f0b8 |
| SHA256 | d4478899bbe1bd0634ddda382a3b10ff925eef23baba13230b260aa8adb49eb4 |
| SHA512 | 5bb8e6cf5bb6ec57111d8dc6d93baf66d2cc06fd272416b8d12b2a87b22e07ee0c885b70402686ef70b251ea2a0c3835b0fed1f568f991f15ea46719eef4b454 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b1441ef8bd9a354c889b41b2f310a04 |
| SHA1 | ef3d05395e891fe584dab1e7c0627221f23cc39b |
| SHA256 | 0a6d8ada153280775900edc8aa6bfa9b7327ef724ba1b82576ce1367919cfe46 |
| SHA512 | c23c3acaf2764c2a30ddbba8dda00328d4ff4a6cd6fe5dd70565242a75ed673125926d2f2a5ca4f8df2321a4b301bf8ca42484fd132e4c7c67e590b17dc642b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d7efa0caaa00646ebe0e2ebab9d4a34 |
| SHA1 | 2dd239379099866d4c5065cde521c2585f3251f6 |
| SHA256 | 36b9eedef7a688e6f1260f50e02d0231a02071115a8b095267e03f2e9f410866 |
| SHA512 | f4f18a86dd513b4f7cbc0e2a838520cd4064b3edd1c61001948244320c0d80719134ad3eba0cb6b3d390c9460db8a38e552413b8920c57c9552f6cf07c6d30bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3b22039a10e4d7cbe18866970b8c58e2 |
| SHA1 | fb6e0e051705c3e5d7b79ee39068f079683e77b5 |
| SHA256 | 82c3e101ed74424239eadae0e955c1f26e9399e3b34e74cd90c0bc21aec584a7 |
| SHA512 | f225173ff0db0cb0b0d78797784714b03942d46c1ef09b4d3b87d8a7b76fc0ac15442854c9b4484bdfc1a7e42b32a65268a1f6092dce5f41be6694f0218e76db |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3080edd9bbe8a2c659e60c102bf32c60 |
| SHA1 | 2db92fd12de4a6b08488f1b3f30cf0332de52f95 |
| SHA256 | 8386919dfc640f3008903f073750d0abdcd8ef97608818e793717bfe8ef2c8c6 |
| SHA512 | 835adf366b36b15a450d50faeb1e9a66f9400e1f488de83e54bb8bb7e587545edf3d471f57387b21595660e3febca460bb4321a910fbce59e3b65915856ea344 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b47182af3fea5c87d48b8a645e328c3c |
| SHA1 | cef40707d00e856285160d2611f3b5c06d82063f |
| SHA256 | 4661465e31b2494cfb6d3160b3398b88fc9bd74bd4805333e9c76085eba78a85 |
| SHA512 | 1958afb76cd50206b6ee3c93cf9aeae654358ec5a43c6ba9c9ca9b1b958c20f6510f7ab6f53e270091cec3ff39aad7ff0619faeba9cf6e52148ac77ecd3646de |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1c6211c293dbea89df26c29779ddbdf5 |
| SHA1 | 3fd35688751c3ff59912b4c37b7bef63e32f5e0d |
| SHA256 | 4638ccb5e3a9a7c04f80d266ab675843bad0fcc40977adf3ad55918a8256563b |
| SHA512 | d4cc1dd138d0650f319dc3177b9fc41c82a3cbd291457328dea7f40693545617cf095efdaf1f440b9c29a152dbaeb68c1c239561721a51fa8edefaef96a8d397 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 01873c756ce8a0aa571a6d67121f95eb |
| SHA1 | df41e36ab3d53762f64203845fffef9d38b6aa30 |
| SHA256 | 32f82266a69630b21c6bb90ae629beb91fd86706192cf3a3b5f26a61a7e9ab39 |
| SHA512 | 0edd4158501da2aa2ebe81c9e818eb6069d23410d0a02b504b99a35c5e81bcb7028a2be78d8373b07052886e13a05560de29d8956a10051195e5feb5dd1e32cd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 983b7de58808bae8111110877aeafa71 |
| SHA1 | 22415f3a4077847c4c92abc12d1763fae99ce904 |
| SHA256 | cf461ea4d108790f20e16be061a14cd0a1ba964d05794c8441d46ce3cee41bed |
| SHA512 | 0ab9d83291dec2060eafc5773a76a13bf8beaeca5de27c2c8e965998a286277581b0bfff73372e7d9b6ae546b2f2a536e130f9a2dd840323cd6bfd814e2e4bd5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d809c7b0fe5a6da7e6537396f33c5b52 |
| SHA1 | 58abdf5691b69ad425b96b027c9a4b08632ef8dd |
| SHA256 | e3cd6fd079d36dac3f587b7f1671f4c198c8b9a547285509e23e75f92d3a5496 |
| SHA512 | faab51c61c24428d7ca2faf14602ba592b49449950ee48b5a101925cb8641186922e5523723a7a5f7ef6dc33049fa280e27f1fc585864d9f117504fc4747a97b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7e233942101ac0a1c8e4fbb5c88f1672 |
| SHA1 | 9cf2f648ba7c486dd2b8f281a726a00c1ee33cb1 |
| SHA256 | 2782bfdbc90a315c74fd94b5525ffa8fa3f4ffa47868efca52d25dbc355de0ac |
| SHA512 | c921b8b3e1da6be7a666724c1e1bf5198f0c7a746d4bc2a774c4253f5501a071499300883e43cb964afaeac4a3f21e637464c64e18f71e071bf56775039b665c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 07:45
Reported
2024-05-29 07:47
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
128s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7ffbeb6376a935e9f84060e1e6ee2988_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8930846f8,0x7ff893084708,0x7ff893084718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,10177958809337827205,17367491080515017075,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 142.250.179.78:445 | translate.google.com | tcp |
| US | 8.8.8.8:53 | www.knotoncallcharters.com | udp |
| US | 8.8.8.8:53 | www.experiencepanama.net | udp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:80 | www.experiencepanama.net | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| FR | 142.250.179.78:139 | translate.google.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.43.178.108.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.experiencepanama.net | udp |
| US | 108.178.43.214:445 | www.experiencepanama.net | tcp |
| US | 108.178.43.214:139 | www.experiencepanama.net | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_548_AJQNGZOZMJGNCJPJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 91d688772a3b72bb9e71e68be15d8eb1 |
| SHA1 | 543ddbbb362916d44d806d8073b3589038dfc641 |
| SHA256 | a28a288ab4f02f3c322b1f50f3a11852e84d9156d4cf275dc61e48bca820868c |
| SHA512 | f772d5ddcdd32f292e5170493de5cafae0672ee3498a894ae23a4211357131d9340a0ec950fdeb39b3269d5ad54a2fb304e1e3da9518a181d568c40d93a9c732 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 730e809f868cb1fc79993c030f20249d |
| SHA1 | 46ae907b5b42ac0d12d4de4360b61b9e180785df |
| SHA256 | f4fd34568371b09a2408f888c4d4025c114deddaa69a74407b850e190611f50c |
| SHA512 | 2f50b87b5eb35cc8c5aec1a967c883f42dac892834369bfc1e5c0f264d104958a2bf6f0ecf5b7ed1da8f69bf9ab882f72706820be77ce2a365b85e5c1a94f8ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e8c79ec8e359994cfaeaccf23d09ec4 |
| SHA1 | 173112f1194e97f1a934d7494a9b3be3a1f4148a |
| SHA256 | 6b780ea38e14dbbe031dc1570af51b2b3f6c1f09c3c50294b4b9cb5dbb00881c |
| SHA512 | d73ce8e77d7e91d132a7bf025a5d63adbafba96bc9ec3cd64c200a6fdb06adde4315cc16dd933892546cda994e94a4137e5bc63a66754809efcf42c8f0f567b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |