Analysis Overview
SHA256
028dc60ae57e948d97d9257b6192b75a715c5755a1dff0bdfa84e290d60f9c79
Threat Level: No (potentially) malicious behavior was detected
The file 8b5b3ed1a6fe0fdc267c26f7d2866215_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-01 18:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-01 18:26
Reported
2024-06-01 18:28
Platform
win7-20240215-en
Max time kernel
141s
Max time network
121s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808dd98151b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428238" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d386f2d53b101e4c9cbab0c0ab3a9bff00000000020000000000106600000001000020000000f94429b4182c7d724a706d02cdfd344023abb0da67ed78ebd40f611905dea5e0000000000e800000000200002000000017f746abd249b81f397fa1a993fa601d8f448a4a33c8d7d92d21f3378db7d0cc200000003f16a647e8813f72f675d835586ea60c5b0fac5478e043d0667e29ba9a8cf0b340000000371494af37cd67e455d0cd639b20c59dc6f4a1c9c493e7cb0b9379ad83f5c73d3138ecaae5c8ed3dab47902bfb05a8b12217c0c83d050de8475a013d54407a2e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B5EC2A1-2044-11EF-AF73-469E18234AA3} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1200 wrote to memory of 1540 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b3ed1a6fe0fdc267c26f7d2866215_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edu.cn.rsyzq.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1344.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar1445.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 writes recorded, each with a different hash set)
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-01 18:26
Reported
2024-06-01 18:28
Platform
win10v2004-20240426-en
Max time kernel
150s
Max time network
158s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b3ed1a6fe0fdc267c26f7d2866215_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd521f46f8,0x7ffd521f4708,0x7ffd521f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1259527648247952271,17242840553529861594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edu.cn.rsyzq.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 134.32.126.40.in-addr.arpa | udp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (2 writes recorded)
\??\pipe\LOCAL\crashpad_2792_YRMCWBCZILKEJNUC (recorded with the hashes of empty content, as expected for a named pipe)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (2 writes recorded)
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8dc8dd8e-3f26-48a3-8d1d-ae3e9aa63b7e.tmp