Analysis Overview
SHA256
5c61ecb2805f69a2a3aee89212488125480fce105115836f90d87621237b5426
Threat Level: No (potentially) malicious behavior was detected
The file 8786f5480317cbabf4489f00e15ae859_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-31 15:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-31 15:45
Reported
2024-05-31 15:48
Platform
win7-20240508-en
Max time kernel
136s
Max time network
140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000f993b3c9bec9804812b9c04e77f634f4863f3175f82f03ea329729d3918365df000000000e8000000002000020000000c3782761662742dcf2f6b524c24c7d068fdaac7d1f408f3d65a66835683c1b1520000000eb052d80cb2c7f0c65eb497fe0ef7e2f11d50d62dc3b2f3336b485055e92b42a40000000d26d174bc1cc6d8bf5bd42f20ba79cda135c88cfaf3e7baabba976b64a55c514d46fea254e2ff3f2b527a5d8113dbfa833827a3e165f370a9e2dcf06486cdb44 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332223" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701c23b371b3da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE8FA041-1F64-11EF-A4F7-5A451966104F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2824 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2824 wrote to memory of 2064 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786f5480317cbabf4489f00e15ae859_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2824 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s201.ucoz.net | udp |
| RU | 193.109.247.223:80 | s201.ucoz.net | tcp |
| RU | 193.109.247.223:80 | s201.ucoz.net | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab3537.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar35DA.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-31 15:45
Reported
2024-05-31 15:48
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
127s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8786f5480317cbabf4489f00e15ae859_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc77946f8,0x7ffcc7794708,0x7ffcc7794718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,930239716863612917,5533318403648901061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s201.ucoz.net | udp |
| RU | 193.109.247.223:445 | s201.ucoz.net | tcp |
| RU | 193.109.247.223:80 | s201.ucoz.net | tcp |
| US | 8.8.8.8:53 | 101.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.247.109.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1100_FFRNKWTCNFAPMLDC
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT