Analysis Overview
SHA256
c16b9c631ce062725a5b0159d910c26b0c1d3479fd5f5c7d20f8caf1ada607ea
Threat Level: No (potentially) malicious behavior was detected
The file 846239115433b83bb8db850122d46be3_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Analysis: static1
Detonation Overview
Reported
2024-05-30 13:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-30 13:56
Reported
2024-05-30 13:59
Platform
win7-20240221-en
Max time kernel
147s
Max time network
125s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ccfcb6e4cb97c3408be0ffd46993074e00000000020000000000106600000001000020000000d7977fc2d73f5b0d05cff0724de68ebacafa7c6c74008eb9628a43cf8e358380000000000e8000000002000020000000001cc49224ded8eed1c2cda8b02843a1e14cb81f3cd0ed41706d9f60c4e259022000000022f03b2f8a6357bc419a17d522c3a1b733bf23bd96206f27efa1e516c4530b0f40000000a2151fe17c5f238833cfd7daf90afebb8351d8f6942bbf77cf59333f0117858d6d450f0a1657162e85c776c215149827b8b4402a42445805df5ed37a3ed10ef7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{797871B1-1E8C-11EF-9C17-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239283" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80a2859399b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (data value not captured) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1808 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1808 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1808 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1808 wrote to memory of 2620 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\846239115433b83bb8db850122d46be3_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.jsscyx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1547.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar1648.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-30 13:56
Reported
2024-05-30 13:59
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
146s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\846239115433b83bb8db850122d46be3_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb552146f8,0x7ffb55214708,0x7ffb55214718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,9516374068449569965,8687609698364054038,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.jsscyx.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| IE | 52.111.236.23:443 | N/A | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_2528_PJMLUQISMHEPXVXC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7c9c339a-3561-4c1c-9fbc-5ea3d9d2f3f4.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e804cec3-d78e-42d3-ab5e-7c9a9bd081b3.tmp