Analysis Overview
SHA256
1d9f77321342f1f97d775a059449385a4a5112f5ade85fdbc2c436b2d344802b
Threat Level: No (potentially) malicious behavior was detected
The file 88907c571d7ec1d9bc80c61b46cade96_JaffaCakes118 is an .html document. It was opened in Internet Explorer (Windows 7) and in Microsoft Edge (Windows 10); no (potentially) malicious behavior was detected in either run.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Every signature above was raised by the browser processes themselves (iexplore.exe and IEXPLORE.EXE on Windows 7, msedge.exe and identity_helper.exe on Windows 10), as the per-signature tables below show; none is attributed to a dropped or downloaded executable, which is why the verdict is clean despite the list.
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 22:25
Signatures: none listed for the static analysis
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 22:25
Reported
2024-05-31 22:27
Platform
win7-20240508-en
Max time kernel
133s
Max time network
127s
Signatures
Modifies Internet Explorer settings (every write below is made by iexplore.exe or IEXPLORE.EXE to its own per-user keys: first-run TabbedBrowsing, Recovery, Zoom and Window_Placement state. No start page, proxy, security-zone or search-provider value is changed, so this is the browser initialising its profile, not the page altering settings.)
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9119621-1F9C-11EF-BD9C-4E559C6B32B6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356185" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b0000000002000000000010660000000100002000000005cdd7b9f434d42afcb6a31642b74c38101f048e2965487b391730ea6b8acf9a000000000e8000000002000020000000ae10ce3cf1e067db30ce6344b1fda7a8de0b3a4b12da83a4ee6dc1fa19286921200000008f3b30f4e2e9ac24c894bb068d1b7e8804590db5bfad1b8b0d78fbcf46ba4ec540000000b47fc5e46a654c020e2456828a99db8717a573f1b6f731bc2e4831d3fa0d5eeb25af44f940bd0972b5e2c4c7492cf249876ce9d1f8ef779e9779d5c573b72176 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40c7aa7da9b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory (the writer, PID 2900, is the iexplore.exe frame process under C:\Program Files; the target is the IEXPLORE.EXE tab process under C:\Program Files (x86), whose command line in Processes below carries SCODEF:2900, i.e. it was launched as a tab of that frame. Writes from an IE frame process into its own freshly created tab process are part of IE's process model, not injection into an unrelated target. The four identical rows are four calls to the same API for the same pair of processes.)
| Description | Indicator | Process | Target |
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88907c571d7ec1d9bc80c61b46cade96_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
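The check a reviewer would actually run on the WriteProcessMemory rows above is whether each target process was launched as a tab of the writer, which IE records as SCODEF:<frame PID> on the tab's command line. The Python below is an added example and is not part of this report or of the sandbox's own tooling. The two signature rows and the two process command lines are copied from the behavioral1 section; the extra notepad.exe row is constructed to show what a write that the frame-to-tab relationship does not explain looks like. The function and constant names are the example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input copied from the behavioral1 report above (two of the four
# identical WriteProcessMemory rows, and the two process command lines).
WRITE_ROWS = r"""
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2900 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
"""

PROCESS_LINES = r"""
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88907c571d7ec1d9bc80c61b46cade96_JaffaCakes118.html
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2900 CREDAT:275457 /prefetch:2
"""

# Constructed row (NOT from the report): a write into a process that no
# SCODEF argument ties back to the writer.
ANOMALOUS_ROW = r"""
| PID 2900 wrote to memory of 1234 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Windows\System32\notepad.exe |
"""

# Signature row: | PID <w> wrote to memory of <t> | <indicator> | <writer image> | <target image> |
ROW_RE = re.compile(
    r"^\|\s*PID (\d+) wrote to memory of (\d+)\s*\|[^|]*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|$"
)
# Process line: quoted image path followed somewhere by SCODEF:<frame pid>.
SCODEF_RE = re.compile(r'^"([^"]+)".*\bSCODEF:(\d+)\b')


@dataclass(frozen=True)
class MemoryWrite:
    writer_pid: int
    target_pid: int
    writer_image: str
    target_image: str


def parse_writes(table: str) -> list[MemoryWrite]:
    """Parse WriteProcessMemory signature rows; identical rows are kept once."""
    seen: dict[MemoryWrite, None] = {}
    for line in table.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            seen.setdefault(MemoryWrite(int(m[1]), int(m[2]), m[3], m[4]), None)
    return list(seen)


def tab_frame_parents(process_lines: str) -> dict[str, set[int]]:
    """Map each tab-process image (lower-cased) to the frame PIDs named by SCODEF:<pid>."""
    parents: dict[str, set[int]] = {}
    for line in process_lines.splitlines():
        m = SCODEF_RE.match(line.strip())
        if m:
            parents.setdefault(m[1].lower(), set()).add(int(m[2]))
    return parents


def unexplained_writes(table: str, process_lines: str) -> list[MemoryWrite]:
    """Return the writes that IE's frame->tab relationship does not account for.

    A write is explained when the writer is iexplore.exe and the target image
    was launched with SCODEF:<writer pid>; anything else deserves a closer look.
    """
    parents = tab_frame_parents(process_lines)
    flagged: list[MemoryWrite] = []
    for w in parse_writes(table):
        writer_is_frame = w.writer_image.lower().endswith("\\iexplore.exe")
        launched_by_writer = w.writer_pid in parents.get(w.target_image.lower(), set())
        if not (writer_is_frame and launched_by_writer):
            flagged.append(w)
    return flagged


if __name__ == "__main__":
    print("report rows:", unexplained_writes(WRITE_ROWS, PROCESS_LINES))
    print("with constructed row:", unexplained_writes(WRITE_ROWS + ANOMALOUS_ROW, PROCESS_LINES))
```

On the report's own rows the result is empty; only the constructed notepad.exe row is flagged. The same idea carries over to the Edge run, where child processes are tied to their parent by the shared --field-trial-handle and --mojo-platform-channel-handle values rather than by SCODEF.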
Network (the only recorded traffic is three TCP/443 connections to ieonline.microsoft.com, a Microsoft endpoint that Internet Explorer contacts on its own; no other destination was recorded)
| Country | Destination | Domain | Proto |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files (the CryptnetUrlCache\MetaData path below is listed 23 times with different hashes: these are successive rewrites of one CryptoAPI URL-cache entry during the run, not 23 files. The Cab*.tmp/Tar*.tmp pairs in Temp are typically what CryptoAPI leaves behind when it downloads and unpacks a cabinet such as the root-certificate update. All of this is routine for a browser detonation.)
C:\Users\Admin\AppData\Local\Temp\Cab32E5.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Cab3374.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar3389.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a82bd3caeec52d524a60e94aa3ce901a |
| SHA1 | f592de418d1487e14a41d289df64cea0f0c7af9b |
| SHA256 | 015e38c8435708c27f7d6503a12e5be7e2f7d66ee0b33cfc6f6b35fa0ace625b |
| SHA512 | cfc7def5cdc3d4fe374659f5053f925420f16592d00fa6a52a97ded4361702e12f72350424d712be2070dbc2c55b369945515fd07078544213e05566ff1bced5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cca519111085a0bfa7659f6d483b8549 |
| SHA1 | a750da544fe3e207533bfca35036d6b5f8ed621e |
| SHA256 | 6dafa584c821abe5b2c1d25ad159ed8c04a41ab414ebbc5d35c442c5946df820 |
| SHA512 | 6d35b3f7fdfac8a49702aada61ab1ff63f172b998e29302c9f4f12d0900ee93058c8ae701396a4a16d6cc955e3fa367234bf201a07173088e2effcbc0161c763 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 93b9263fad0551e483134bbf89404ca4 |
| SHA1 | 7f76d23444218e89507567a4899a5871ebfe562a |
| SHA256 | 515db0aefe3a78e76af12f6ab04c73fe2cf8aff90316b1dc88c6ea88c9df2368 |
| SHA512 | 7cae324674905478e449a66ecc8c034209265b7c4f7e8c5216d0c10c1cb2ef8c561e0d78d8842038eb877ddacc23d6e074e1c286f1c1b1cae611a749914ac1e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f5732799ad09481287c6a511e16788d5 |
| SHA1 | 7852e08a8ca0d5109c6dac155004d216f6804375 |
| SHA256 | 33d47cbcd31a30853f3e7231239d36fff02de3608e48f35f787db7f8b6312b1f |
| SHA512 | 2b4bb53f81ac67bcb7b7a000d10cd0c212e82eec9513a6ffa43d763ef291d32407faacb9e451c87dfe3e8f1e7dcfdaa6278783f3a72d71eaf4bb4bc94d2912e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 649cc33189ccbadd4b5695dce3abca8e |
| SHA1 | 23c3386b52209a4fffa95c0d5421d46433a0e514 |
| SHA256 | acee937f8b76ac690f2b6386e3fa69d79e6fdd7907df9f8ca8f985e79bad5727 |
| SHA512 | 74c780d88abdaff9daa244c331a7923505eacf0428c57496a40fb00575123f4a022e0ff79dda6525b8e818d8433ccfe6a1a027d3dc372b19d2b82ccfec5dde5d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90296406e1bbed1bc8f7e58f955a210c |
| SHA1 | 26c903509da9d23e41f778f54db4479056380efe |
| SHA256 | f8f981f13fa7bb5fdb93ea2e16c4b13af496543a778730a8013dd9ab5e3307f3 |
| SHA512 | 20fde9db873922e8d4e0316c593d09b1d71d8a49450d7eb1772ae4d814214300714843821969e815fa8017007748798ea9f863895fe0153d23bf0393791eb2fc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35e710ff7101fd9622d12ffa65f6db55 |
| SHA1 | 422eebedff9a7b2da881df68d300be1e3b4dca3a |
| SHA256 | b17edf3a827b64497d4903f20598c5a39f454a5e60d3f67e5d05533f90c3d84c |
| SHA512 | 1ee7360e64d8fd8a6483e2630ad544e6ebe4335273cd3d0a7b47e0a38ec2bbe04fa60d86bb8060b41cc4fd50fd74e9ed6feb79739000d8ba66c528d3162f0f8b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 996a150160fe27cc48e4a19189a613ff |
| SHA1 | 0ebbe3735c64a9bf8210ca6824083e5076f415df |
| SHA256 | 08c61772c3060957da8e7b674ac7a9f484ac8c3f30a87d427623205040884193 |
| SHA512 | ba393894f6c514a9c22e5aa2f8c6576cb976b78f92b7867df1244dd0ac71ec618d61bfd5068e348fdc2b22aac39ac84d8d1f918e7a8241b8531e80dd36e99811 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 84e4799f709cb7c1f647ab1e26cf31a5 |
| SHA1 | a42e47478698a6a95444226327cda2f80e1f9fc8 |
| SHA256 | e215d68ea467143d0355c87cc1fd83d36492f0061b358b9dfdaad161a265ec31 |
| SHA512 | 65b643e47bdea4f76a1865be7205d20a7c25fb14af12e57aab298bd86dfcc66f4722de467392d288b1f7f99532bb3336efa833dc5af15c3588d0701321a773c0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb4015357441c021b1be133da2da75a8 |
| SHA1 | fee342facd72b295626b577995cf0c49e3673c78 |
| SHA256 | 6cb969633d39aad0a412c6c7667ea687984a51f7139cfcaf83c9e59d1403bbf7 |
| SHA512 | 432b3b3a084090c2f1f421e40fdebdce68edc5a3a25e62e6233e5b284ebcddb8945810a2a3bc20f35ff187848d06087a8a90eeea28ead9193d5d7dabe627a735 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 132d7f03f8530edb10d8b9874ee46486 |
| SHA1 | cb22f647a828fbe5c7c5d0c75b5d7c995eb5be97 |
| SHA256 | 0a411953d1b523a755bde11966c50b494f33ff14f8674bfb733aa78c59f16765 |
| SHA512 | 773402703d614cad261446da021e6927d6bbde7c1f8d1542fbf55a333026e66fe5ea5b349c75573b1b5284b45422e740ccf372c88d9c07898e4988b0a0bcf052 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1ccf8b9e601acdf32da57ad2c2609e50 |
| SHA1 | 2638773d80756fda1924a7b174d727f0c2454e2e |
| SHA256 | 305aea46a2770119f250a76d618f3a23b7af02db81c4246e67097861635c9e34 |
| SHA512 | 348e4b54ef8033aaff4d1b506a9678dff850476411793e080ec1ae3d08fbebc474282ed94ba59c9ef11a11fdc9fd01de35fd4ee2b694bb77c8965a019223cfe5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2e9c255abd493412cf30ba02c1ea01f2 |
| SHA1 | fa473e24bc143b205740c01f3deb974f421adea5 |
| SHA256 | 0dc4af0e6d98fb8f1dfd046c5689dc40015c7dce48f94d8ea26cd5918f9e6da9 |
| SHA512 | 98085ad78e770ba803fa44c8a36da65be535567569704ecf85040591c1c3f892e7c8427643b90e70ef2f6a249a357f31229dafc108aa7957c75acf441d2b949a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5bc9b1d8c83a659bc614a5180770105 |
| SHA1 | cbfa4a91832d3024bc41689410063bef2e2d7f8b |
| SHA256 | f41a72acd16f66bff4eb876b3a036702d56a0c5d95bb9fc1973c8a48c09791ba |
| SHA512 | 4abb6652d4536221309c976410e0f7ebda9f3c7719b1d531c1082e0eaa3ba594b7d35516a81ae47b15e95ec7da352dff136ff32b39ad4931d7d1cb031a1a388f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7d71d2c6ce14f638f62d1a16f942c79f |
| SHA1 | 81400adb06966b909caa1db1af1dd35d0b63176a |
| SHA256 | d8a669e3aef0908c044d1928a363ffedef7c23658087f5af5f15f48d374eb9fb |
| SHA512 | 05f71f5165a950c7d208ab7572e815853d4e1aecc0d1de35575e7fb606b4bba5bf6d21ec25813066a62f121247203203d22e8192ab554393db3e2aa0bbbf30c4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c74385e0389332c590392bc85b11a814 |
| SHA1 | 6424dd01b48400a0f575e98f70d068fe2943e63b |
| SHA256 | ee6aed8ae3032f7ec16260f5699ed34f68976b3e99832b75ce6581ee081e976a |
| SHA512 | 69b9623418611301cd3ce544560302068bfa4bad5f253952f4bc7a08be905102a1b812082d3bf9975782883320b7c83cfd24a2367d821cbc28acb68a711d9fb5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ebb351792608a4a5d1d7ab0e2701ea22 |
| SHA1 | 3de8e62765976dbf6dd5d4088da2b39eb8593104 |
| SHA256 | f8a46baae5266b79a753c18d814c4950f8425780fdfb0d7f2225cd4e2c5e4f9d |
| SHA512 | 7dd3ff0708bb7245cda5815badb27df8565ba4218b8d20238d98991bb29fdbfd72e7768187b5c1a2d0e770ff4742f53a86e045fe2d11f11390756699e4f7b017 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f28f873ca8b34e4111fa1eb546b30b2d |
| SHA1 | a726167afa22470215b22e4e05a877e3e5608d61 |
| SHA256 | 616f0a42fd3a11e21e841ec76416fb0c677df72493986ebfa2072ece0d61a676 |
| SHA512 | 5c0709645aceffd31633bc162e752c9e5f64c8a1bef4d292fd6b717512e9bf2d16922efbcd11905d3b40d6a32ab64b046c9b5833d22300bec3ce92feb2d6e777 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39227e2a0b8fa29affd8883dda049c66 |
| SHA1 | ef36f5cfe2ff834ab043cad4436375647e26ae0a |
| SHA256 | b89a69164e1267cd87d81742f3fe3da2c45391a37baf48c85cd8fae607dd19db |
| SHA512 | 770fa94089b46ca811b7f72fc30a245bb73a0b7ff84f71595e213fdb306b7f1c6dc75d2c263a0a840e2a9570d6e655b5c85fa84db2447e16e8884f688b056b41 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3cb2217a3ee293790d27caf55392ede5 |
| SHA1 | b25001a37e58ef92d78b9ad6d247b62aea88f971 |
| SHA256 | ce100c424e4ea703421a7d528a267bb8f80949dfe013504b659f0fed19b6ac20 |
| SHA512 | 40addc8cf79d7048902439fd86b97407cc565798468ad6f62af0c4f9f4ca94c733347be08ac5eba13ca67aa29b2de2f50b8aed5d7e98ef096fccd6a95600a100 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7bf0e65c1594961459a3df7761bed3ed |
| SHA1 | 48e0ab744b19f4cbcd3579ba545a72ff3a38fa9b |
| SHA256 | 41901f94a3276be4e59c96874fbcc40b782391cce11ac4003e39f0a59b8a06c9 |
| SHA512 | fded02bed3708d307d8d3ba9dc886c828613f1cd27e9af1dc579dcee46e77638ac7dabda73e5d8ff5cdf9c25918c365b20292b8eb8f5223a9e450c429918dd62 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a5b07cc35adca78d51a8fb091276ec2a |
| SHA1 | 5f7faefa46df042f5a68737d21ca2aea2515c394 |
| SHA256 | 84d4e5a678f4f3e6adcdba10873b1ab66c16f9622308b8b5165a944f754724de |
| SHA512 | 8f88f313223f9e604e8d0ca10e0dc22c5b717e884e5911a96451ad7458df4f903e8fb607e96dc5ad93e3d6f798fc4d47f32c25705edeca4b34e025117a383bc9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20a26c71eec1e60711f7cc703a911375 |
| SHA1 | 2f2ac87a0d9b961c55d1d010c3c3b1cd53e01936 |
| SHA256 | fb202ad7dc7be49a961c56536d7c6892c97ebfb06b24abb3af6d89db312af51e |
| SHA512 | 8e5a2c65f6e0f5f458498ef965b09f8947691e3b95288e2e62f69f67ea52a8b26efcce52d3dc5e92ffb04a515afb94db285d6b10f71862985c194525148d9100 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 22:25
Reported
2024-05-31 22:27
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
151s
Signatures
Enumerates system info in registry (queried by msedge.exe itself; Chromium-based browsers read the BIOS SystemManufacturer and SystemProductName values at startup to build the hardware model string used in metrics and crash reports, so this is not the page probing for a virtual machine)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (msedge.exe creates its child processes with the process-mitigation policy that only allows Microsoft-signed binaries to load into them; this is the browser's own sandbox hardening, raised once per child process)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88907c571d7ec1d9bc80c61b46cade96_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14282100214420084495,11190579424769605580,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
Network (this run recorded only UDP traffic: reverse-DNS PTR queries sent to 8.8.8.8, plus mDNS to 224.0.0.251:5353. No TCP connection appears in the table.)
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | N/A | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b2a1398f937474c51a48b347387ee36a |
| SHA1 | 922a8567f09e68a04233e84e5919043034635949 |
| SHA256 | 2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6 |
| SHA512 | 4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c |
\??\pipe\LOCAL\crashpad_1964_YNWZBCVACCUEOOHB (a named pipe, not a file on disk; the four digests below are the well-known digests of zero-length input, so no content was captured for it)
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1ac52e2503cc26baee4322f02f5b8d9c |
| SHA1 | 38e0cee911f5f2a24888a64780ffdf6fa72207c8 |
| SHA256 | f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4 |
| SHA512 | 7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6a023c6a3980e9b51b1a82c8257559f |
| SHA1 | 8ac73cfa93daeb035721ebfc0d71d5e270eb8d2e |
| SHA256 | 8b83007a9973efd05c479e3a1b1969bfc2f46f141f384c1057ee1789b133737c |
| SHA512 | ff42664ec297048ea532a0b3392bc22738c88e2aa57afb62faefc19f83c676b8d8a214dc606d026157fc97f590699c8626e6afc0f35442265a9761ee73da9a71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cc6c1a9f00c86e763d31f0f16819b430 |
| SHA1 | ed32ec79f520326074b79457305057db42893a53 |
| SHA256 | a79bd5a166c614f1ca800b3d1df3adbabf86496e8a20df512f555cc19f2db8fb |
| SHA512 | d120276cfba12f359da2e1ca07cabd1bf8717a466042088ce78c93f15b8188b167ab21ee7d5e4d4378e81302d9e279e6a7f79d8ea4fdf82a8e371aefdb347d28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1be234dee287ebb1ed6b0bf86f6604e4 |
| SHA1 | bade345c37dde3f082264feec368b705c269a5ea |
| SHA256 | 0fb58100dee8ef605b3fe973226058722590d1e95ae50e0f93c09f741ce9e9e5 |
| SHA512 | 3ab77293535bd4069dbcadb9c32a88b57986f65153aa0c22a867589e9bc0ae1fb4518dce9c3b1408505099aae496f833f2438eeba1e51979e8a29541e9d63bb0 |