Analysis Overview
SHA256
48953ca257543e808494651ea96daff546478c2b4c6b7e67dcdd8ac835cb1737
Threat Level: No (potentially) malicious behavior was detected
The file 80172b7794bcb48e62f4dfdbca71b61f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-29 08:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-29 08:23
Reported
2024-05-29 08:26
Platform
win7-20240221-en
Max time kernel
121s
Max time network
127s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90fc5b97a1b1da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423132890" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5c840ad97b53641b564d0ed693251ab000000000200000000001066000000010000200000008478c7fa6a6295c61f67caa1007f900c3b7b7f63062827950d4320fe83f6aff1000000000e8000000002000020000000fcf5c590beb03f9fcbfc1340677dc817d77d1d1aca62db2c8a8a1491c1b7fd19200000005d67fbfedb3815b5badc60057ce786c2e080a4a9d6a401b230a39e0599b88ab040000000c3ef4ad3bb6a852f0be45b51d31c4ec71ee8b7bca4abf8d9627af877003491dd142401577a508eaabd745fcd920e80e2c71962ab8c73046f37adf483ae3ff160 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C2D9B6A1-1D94-11EF-B826-EA483E0BCDAF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f5c840ad97b53641b564d0ed693251ab00000000020000000000106600000001000020000000e57382405b188ac455a4a5a413a1c142e3d1ea497a50c6108022c8e1be87390b000000000e8000000002000020000000da19abb1aa369dfa883e805a47dcfa61b626e88859c348317569c44760376612900000001c5d75f8844ec6fdf48eede8f0423ba592a1e7c98dc655fe380e2541c3d8e51f136531e02768018b419686e7e6d5bc7db670b5aff4125029ba95fd9c89d9e8d94e2c9beda0b1b756cb9be5d845d4c7171a59543013408d27fdb6deb916c03b7a408da1d73eaf5836a00d324b28a55cfccaf32f11a5e4732a4547ab73ca81d87d3fc1d510eb47c5e789e698b2a72e5d35400000009a4cd701ed72069ded41d1b261693e06ede9ee8b541f1069ff5124b0d116f491e37be95b4024e612df16020d8719e89cfeb069390c281f091fa0b04d131f19cc | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2960 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2960 wrote to memory of 2800 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\80172b7794bcb48e62f4dfdbca71b61f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.guddelaune.de | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3611.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3702.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9fb05ef772e1c452b6cc0e3fd4b5e0d2 |
| SHA1 | 8c18375e375973ef2afebedb4c35664a408025b0 |
| SHA256 | eafab529a79c78a0bb41dce67100ce3e15202d2943715da6b9ed0e755740483c |
| SHA512 | 0ab782f7cc714fcc02d1b5a00c7c551d398975d66a8040fe351780649c935a2e9425acf172389610295e345464f7ad9bba6153e0409494ea2eb11b0eb7d1202f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c0138c45d1e55be2ea247739a1d6ffb8 |
| SHA1 | 02164bd6651205a9cafd1126d964dfcde9a5c9d1 |
| SHA256 | 6cade05fe0d6cdfb8c110e6689259fe6237a9e05f3daf56919197c96142f5fd1 |
| SHA512 | abfe6f2ddc8bf2b7815641888d9b433fbc19f345e7a21cc7d0a2b43caa0556de5848c796291b2664d4b95d68358d6ea9621c46641971ba31468238df54dad321 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ca2ba77fe37d88d367f3492175c6dfa9 |
| SHA1 | f4886f030166b9990295dd5ee5b7906d08ac5910 |
| SHA256 | 6caa3ff143cfd159fbd1597bc3bc6a1464792ea2ace602b1f9bc4d1074137b31 |
| SHA512 | 22fe4382692770734aec5a705282c00efe313e05ece9beda39b0a4c80ce4c9ef3759ac28e9c73363546e21c38f9f33e2dd123962d9690ed1cb4c7d70557f4d99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 307fb58f16578e52014dc6b4d5ebf159 |
| SHA1 | 96a41a44c1b81f0f0d9aa4b487a5807503fea17e |
| SHA256 | 331d82f3ac24f0de731d18f452056c14103470da18d70ef5b04c4cc9aeb8ad75 |
| SHA512 | 32c0f4d46eea6ad6f988782d636e2f7c44ddf8ab1f3d38cf8f967601fb29be19d727fd5e2cd43bb76bf673e0d774c7cf50ab0c5aed562aa9a27cf55c030fc414 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 04d141c6573951d2af22eb071544abc8 |
| SHA1 | b6fe0e37997348067fc37368e8486fcb42c71279 |
| SHA256 | aae1bae36ccea075d0f4d6f7f7b1a228f228b617db3d35868f2be28e481e9e34 |
| SHA512 | 14658ca20b2846aba2063a5582738757e924143e5c502437a460508cae17047efe9917021ae7576a90aeeb5c6e6c13f1831690c07a23c84f716e0f98de70976f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | daa25e742a27a99db253c2334dfb8ee3 |
| SHA1 | 16a50dc35328c889d57eee9b85793a00f27541c7 |
| SHA256 | 01ed338e4e335f1f20c11e102763b1b33af2cacd16a0ba01a07a343e9bd4a2f0 |
| SHA512 | 6f82c0b7d90ffaddb562d432029dce7787623e9fc399a5c640f8bc04477fb7cb107b1204161de6d2c865dc64e47bc1bf88e50ddd52b692c0a0c54de635d5c0e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bee3ff44699fb645ea2440b0031771c8 |
| SHA1 | e9688a65cc4d66e609243766df791e7ee1434b8d |
| SHA256 | add3a95bf3ec07857a8dbe8f861730f69e575b5e01f08274671b07c9926c46f9 |
| SHA512 | a91b6d373b1ecd3b1d7296a07219f21821eefc9ead03c3343b3b219581c425a2fed6bd0793e885813b027009365e537f395ffad57fceca7601aa6f8c5a78957d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 819df2bf055d2bfd3ad0c3fe304df1c0 |
| SHA1 | ae17b69076dcc0e9463b79264f4e37fc50040195 |
| SHA256 | 83ca8ab5ae9728f70f3a1404fa1ca71d4d49ced71434d71f06d023c72ed1971f |
| SHA512 | 259292e82caad99d3a580d6d0756257f74fa203723e917cfef358b1ea464a0c4d5adc0e58094beca92d4ffd068cb7065e6a0b3a7d4fe7265685efb4dab61b01c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3455a072efbe4606e2a0a0c7fe23d590 |
| SHA1 | 3dc4efb9dc219d2557434be330b87e0839e24c7a |
| SHA256 | a0e1618bbefdaa170b69383afcc1b7f54cfd8e1a6f16c0d7aa47726b254eab52 |
| SHA512 | ebb95130c5dd6ad6ce3be1c17c765d105d52cf10e96297523c33352390d0ae14d17f62cf4e933dcf78a3379c9f84b6bbdb587b6b2660a8a5b215ffdde5afbec2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b22a983a4d8b3cb0f9d93fc075ffacfb |
| SHA1 | 3908edcb906da6ea39e664f1dd4af676a68d77f1 |
| SHA256 | 33ed4ac0ec3c69520b1b9af5a5f2869a20ae23f7126f1bdd5aa130c40f60815b |
| SHA512 | eb8bbdeb6e7e7d06825d10a20817593b9b75821ef2bb06cac449f6615e9a0f1f4bed740272f3938f9703f45e35fda3fe44c521a6af9c4c9b92c6dec926e7b3be |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fbb49953ced26740faeb1789b95835b8 |
| SHA1 | 325d81bdcea52a85c7a5add10f474a5c29d14479 |
| SHA256 | 37a9223f145134195ca9584d4ddcc11e6c02791c643df470b688b77b1af77788 |
| SHA512 | 382e5f69dc80cd0f356aa0b1ff053623acb031972e7ad38bdfe86d397701d2b26ae042fd6cc6e53c6cc62feb911a247bbd14e431fc8a335d6db39ad7114d868d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f7ebcbee996dedb2584f539663f7e63a |
| SHA1 | 73ed72c0ff851053e7796df031ad578ab9f42c7a |
| SHA256 | 92ae3b39d80b4c7b3e29a17fa05442edc8bb8c5fd077eb3cb82c9962fb4844c1 |
| SHA512 | df25fe1432948d9999b967417ddcc13a883b327ea59af93f37af463e6eaa24eea3cdb41e5549b404f5ab18b4a7e12ce617b12d73f2cb873bcaf27c5f9f8af44f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcf4a9cb66214536ec182a221dd78ce0 |
| SHA1 | f9dbbdfd8d7dbe762e1cf1176293196ee7a85d12 |
| SHA256 | 5a940ceddc6a55f64327a3f12c518a4ebcd2f5dda82eeef98423b48c9c5af6ef |
| SHA512 | e78aa764e8a16058ce525bd5d8daed44a653d5613e57c71553148dcd16c399d28359d3603b1b8f77a5aefd8edf09d1eaa82ec5902e621ce139b9fca7f23d5c6b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 09010c4c383ff94717bf1a6c6f85c32c |
| SHA1 | bf62fdc31d87023f90e376a239cec370fada2d8c |
| SHA256 | 42f96e113c425710d777e4230292958528326785097eb54db1cf025423f7fe46 |
| SHA512 | ef2024bdbc08291b13e6a4d224fa82b1d505212eca1b46c4fbedb6bc12a75165a18105f240ac499f58ff6ae16eebbc72ad63a4c4cd80c3129b726602ee7bd77f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6045c5bb2d0deb0398ae1c2fdedb929 |
| SHA1 | 0d449ec30a20c0e9fa3e7dfa4beac68d0a32f8da |
| SHA256 | 2789c5023604c99a025269714bb7125679cdf387f6c3a7e1e1c548e8bb685d99 |
| SHA512 | ad594ad8dc81f5c2bc462ae0d2c3221b13c6208f26f5e73922fb730fd915cbf11148e841c4ae172a461cad42196ccd50bbd65c21fe7a19335f63dcc5cbda4b48 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8b9ffccf8384b09373d570345ddcad6d |
| SHA1 | b6cbd0d517dc10c0d128e9db1ff5bdbc08022065 |
| SHA256 | b508cd3892513a19e5ae8e3f5f085e0c5214e8bafbca43568c34aa12a7225021 |
| SHA512 | 7c37cbce3e2f3537b5e400ac7597f87be8b3646272d72d8a62a3a92e10a0348068804c3d3e516e1813073ffaf25576c0536f1269ebe7c642ffc879673a50666c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a09f8cce17ae2cce7a4fb2c114856319 |
| SHA1 | 4c945401e0e812888f97838476801b046ceedd20 |
| SHA256 | e0cd1fc8b2fad3b799ce2efd623fb47b1cf751494efff487d6dba59e349ac8b3 |
| SHA512 | af17a2fc419b6fb6ef74345e4feb4f8447bf22af9926cabdd396fdc5ac0b6bbdf20dec278620320a2a540922bde8323c92c6757e9fc2bc15c4ff931e4c19d100 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2719198a12871a1914155114bdfb3308 |
| SHA1 | cf396698377a68fd856b0ddd971f0db216834b5e |
| SHA256 | fc7c038418412811cf94b76f28522e3c50222de7eb0486f97e7709f8ddaa37f7 |
| SHA512 | 5c09a74c2d66fb05150893fe91c7ab801296070afb26063f989e092609ac2a51abfa7956ef49d88de71746f1d348ba3bbfac82ef99e05964fd6e22274ca8133b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9ad9d875c0a72364773defac2a632da5 |
| SHA1 | fe4a4a10af0e8edd2759db57200b52016ba42f98 |
| SHA256 | d4faaaedffa57045702bbd4d1fd84569336968bce1b4b6436f770ac28c59b45d |
| SHA512 | fb10edc1f03a739758ffdf292c4280fab41c6840d0f98b05fc889183970196e594eea37f8a1dbf0220297ecdea62783764ae858654e1200779b02000b4818c11 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-29 08:23
Reported
2024-05-29 08:26
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80172b7794bcb48e62f4dfdbca71b61f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9eb546f8,0x7ffd9eb54708,0x7ffd9eb54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,4277790893885417799,4470791352731915144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| FR | 216.58.215.42:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.guddelaune.de | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| FR | 216.58.215.42:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_1592_ZYPRNKRARECPNZNV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 397077c04602525fa1684433b25cad1e |
| SHA1 | bb97bc0dda67159a7e6d873fc3faf37403397f7d |
| SHA256 | 0b700a05770896c177490f6e3a772ffedf06bf191691befbf3f844c764ce2b02 |
| SHA512 | 11d7de34b10ba6811d84d1ebef9832843808f3cc3815879f2d7453b6012f5ebd276207e9a455285dfb19de0440e3fc3c2a7b5499ca442d7a37697d8a05024355 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3a875d5fbf6a8f0b2c20722f828366db |
| SHA1 | 05999409becf979628941a44b80978cd46af1abb |
| SHA256 | 9ce5a9d5e0dbc8e0c713c510dd1899556b13b974a1f035587da685dc4393eb9f |
| SHA512 | 12f58bed0146b1e642906121aa39d0e69045bdfe1001696ea1a35b22c1ba988030874c695fa6ee6f8676301ba245014de4f4808c7894bef372cc9db6b2402c77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3dc750222c17978ea3052e014392fcb |
| SHA1 | 815eae398de2211d24281828aeb5c4e105c430b7 |
| SHA256 | ed45507dbaf8f4a63ceb0376496fdc1c4f75e858e1058d787fbf542290b72c29 |
| SHA512 | d2d3ab14412f7b2443875ac30646ff06a6172fed65da7b2cac420e2b3ccc364005f50dc460e467c0fee81d7a94999352a6b17ab3738f0b1ca54fb166efd9cb4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9da0a72e2d93914a800f630106ed677f |
| SHA1 | 288657ce2d59f704504485c18d83aad6b57dd2aa |
| SHA256 | fffba33777a4175ce52ac2c76541e6bfe553628f73c931ba4942468966787d1d |
| SHA512 | b24c1f361cd40a8c1fb58d6fd88fa492496cad4fbad9758a1afa12a01b34384b655ce5bd90cf176b192a5f284700c39776360e6f562aa2b0d2e3467a1762b5cb |