Analysis Overview
SHA256
bd2eae27b807ad7addd5b521a33633dbc44ca37c1f426bb6866b59f451edd1c3
Threat Level: No (potentially) malicious behavior was detected
The file 8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118 (an .html sample, opened with Internet Explorer on the Windows 7 run and Microsoft Edge on the Windows 10 run; see the command lines below) was found to be: No (potentially) malicious behavior was detected. Every signature in the summary below fired on the browser process that rendered the page (iexplore.exe / IEXPLORE.EXE on Windows 7, msedge.exe on Windows 10), not on a dropped or spawned payload.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-06-01 20:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-01 20:04
Reported: 2024-06-01 20:06
Platform: win7-20240221-en
Max time kernel: 139s
Max time network: 140s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A579041-2052-11EF-A965-CAFA5A0A62FD} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5038a7ef5eb4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aec1c5165018634cbeb68d072df069cb000000000200000000001066000000010000200000000e6154c938b621f29ea1da39b8cf048b58afb347c02fea0b73e8f8d610ce4b13000000000e8000000002000020000000cadfc460f6c993be3a5a3adbcc806f8f2a39b44434e6e72e38abae14e7c8eefb20000000765d642e3d721175f75afbdb9811ce3116e600ccdf0ad9ad352c5624e3039a5040000000768ac64ebb8533e569749aa0b174a2e21a06f99159538994895f1f8d7043661b0ea0f8698c1f73203247479a39e5ed2084eefe3aa18417be67c8756299ba6f00 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aec1c5165018634cbeb68d072df069cb0000000002000000000010660000000100002000000075c5b084c93970372891bfb89b3a313e7219f07abbb1b0e9ea461535df4dd70b000000000e8000000002000020000000343bdaaff684b95cb683a30ea2db3181eb928d2c2ac09cd40b8b239364fe801e900000008d94c714dadbe1f310802b69966dadde2492452789844054291c5e26c3332675ce023fb7bd51b466606750229a0cb219aa1c376f35f8ca9847e3d98f59c58735de4583425f2fc03bd26fc4dd0da7ed445bdd61d2ebc3b42ddceeac9c722365a58a8078dfe9ced841ea1076a0a9cda65eea2fae91a6466d8d4b0df229bc8d92c2b4b64579c6b0b24a4b0458fb4b10fbd740000000a23b2ada5b1d5a1e36d7fd6846a58360c283438b0ead5107adead152462fcdfd513294afc30f2ebd7733234e4dcbe0557d61467433d446cb8661b937f99199ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423434117" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2872 wrote to memory of 2096 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2
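Added triage helper, not part of the sandbox report: the four WriteProcessMemory rows above show PID 2872 writing into PID 2096, and the second process in the list was started with SCODEF:2872, which is how an Internet Explorer frame process hands its own PID to the tab process it launches. The script below parses those rows and the process list and labels a write as browser-internal only when the writer is iexplore.exe and the target image's command line names the writer PID as its SCODEF parent. The rows and command lines are copied from the tables above; the notepad.exe row is constructed for this example to exercise the "needs review" branch.

```python
r"""Added triage helper (not part of the sandbox report): decide whether a
WriteProcessMemory hit stays inside Internet Explorer's own process tree.

IE's frame process starts each tab process with a command line of the form
    "...\IEXPLORE.EXE" SCODEF:<frame pid> CREDAT:<n> /prefetch:2
and writes into the new process during start-up, so a row such as
"PID 2872 wrote to memory of 2096" is expected when 2872 is the SCODEF value
on the target's command line. A write from the same PID into an image whose
command line does not declare it as parent is what needs a closer look.
"""
import re

# Rows copied from the "Suspicious use of WriteProcessMemory" table above
# (the report repeats the same event four times; two copies kept here),
# plus one CONSTRUCTED row with a notepad.exe target for the other branch.
WPM_ROWS = [
    "| PID 2872 wrote to memory of 2096 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |",
    "| PID 2872 wrote to memory of 2096 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |",
    "| PID 2872 wrote to memory of 1234 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Windows\\System32\\notepad.exe |",  # constructed
]

# (image path, command line) pairs copied from the "Processes" list above.
PROCESSES = [
    ("C:\\Program Files\\Internet Explorer\\iexplore.exe",
     '"C:\\Program Files\\Internet Explorer\\iexplore.exe" C:\\Users\\Admin\\AppData\\Local\\Temp\\8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html'),
    ("C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE",
     '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2'),
]

PID_PAIR = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")


def split_row(row):
    """Split a '| a | b | c | d |' table row into its stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def declared_parents(processes):
    """Map lower-cased image path -> set of frame PIDs declared via SCODEF."""
    parents = {}
    for image, cmdline in processes:
        m = SCODEF.search(cmdline)
        if m:
            parents.setdefault(image.lower(), set()).add(int(m.group(1)))
    return parents


def classify_writes(rows, processes):
    """Return one dict per distinct row with an 'expected' flag.

    expected=True  : writer is iexplore.exe and the target image's command
                     line names the writer PID as its SCODEF frame process.
    expected=False : anything else; the cross-process write needs review.
    """
    parents = declared_parents(processes)
    results, seen = [], set()
    for row in rows:
        if row in seen:  # identical repeated events collapse to one line
            continue
        seen.add(row)
        desc, _indicator, writer, target = split_row(row)
        m = PID_PAIR.search(desc)
        writer_pid, target_pid = int(m.group(1)), int(m.group(2))
        in_tree = (writer.lower().endswith("iexplore.exe")
                   and writer_pid in parents.get(target.lower(), set()))
        results.append({
            "writer_pid": writer_pid, "target_pid": target_pid,
            "writer": writer, "target": target, "expected": in_tree,
        })
    return results


if __name__ == "__main__":
    for r in classify_writes(WPM_ROWS, PROCESSES):
        tag = "browser-internal" if r["expected"] else "REVIEW"
        print(f"{tag:17} {r['writer_pid']} -> {r['target_pid']} {r['target']}")
```

The check deliberately keys on the target's own command line rather than on image names alone: a write from iexplore.exe into a second IEXPLORE.EXE that was not started with the writer's PID as SCODEF would still be reported for review.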
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.todaysparent.com | udp |
| US | 8.8.8.8:53 | behdanehgolestan.com | udp |
| US | 104.18.1.104:80 | www.todaysparent.com | tcp |
| US | 104.18.1.104:80 | www.todaysparent.com | tcp |
| US | 104.18.1.104:443 | www.todaysparent.com | tcp |
| US | 8.8.8.8:53 | keit.kristofer.ga | udp |
| US | 104.18.1.104:443 | www.todaysparent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 104.18.1.104:443 | www.todaysparent.com | tcp |
| US | 104.18.1.104:443 | www.todaysparent.com | tcp |
| US | 8.8.8.8:53 | maps.googleapis.com | udp |
| GB | 142.250.187.202:443 | maps.googleapis.com | tcp |
| GB | 142.250.187.202:443 | maps.googleapis.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c78e4ba568fd1c2f74f274671f5676d |
| SHA1 | 93fdff8b398c0601406deaa9608a2e021f21db50 |
| SHA256 | 9c807a61027350f832ebdf1ed4b2824c21a8c3fabb57a59197772accd05f91ea |
| SHA512 | a9a5439d914dfbc7135f5098316e02c46d625a830c253ae738eed567980f1bdb71f2308e5d192996810785340e45f4aa6cfa03e876296dabf6a043ba893b3b19 |
C:\Users\Admin\AppData\Local\Temp\Tar33B2.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Local\Temp\Cab33B1.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab34AC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9132b9958acfa93a855e41e06f0b0c92 |
| SHA1 | 28fa417c18367e157b340c4b46e90768d33738c0 |
| SHA256 | 6c2c69675646245965b9d0fff27f896d9c25e530c4929b9a423e0dd0aecd62ca |
| SHA512 | 3ccd12c3cd7222bf3abe5fe53d99a042c397dd4c9259519e120a5fd89496537c588bebedb37608850788c749009c0398d4ca4e92642613d30569ebf79b69e2f1 |
C:\Users\Admin\AppData\Local\Temp\Tar34D0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c019374eb5f2b2c539fe0e4f28bbfd8 |
| SHA1 | 40aa92ffa8c5a7f542858d2c5645eb5ac7fb5252 |
| SHA256 | d44d60ae9e5d850be95f7559dd40f2906f6470a0d07746f1495fcd89eed30d3a |
| SHA512 | 4ec8c82e55fedc23e813d3de19790108625346822a5d154f4eb682cf51aaf81235885bf5eb6ff5c12ecadd80537622a47fa40a318d2bdace254869a58ab8faff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 03bc28a14c52ec46cc4863edc48079bd |
| SHA1 | c815ecad2539c883e63004d1234e1a792ed5f445 |
| SHA256 | 1827444ab3bfe818abdf3e348ce2358e8b46825547b52ed4243dff93eaceefbe |
| SHA512 | 1ade4ee7486e3bf353ca938decf02cb63b1fe0aab83b469cf30196a311ddc2e467b9249a14be311436ebad2fa5f9d170fabb6f720c736171a0bb6553309f4e85 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7c368966748ee751d835b38ab9ba2267 |
| SHA1 | 994c54d895423d0ff9c3d4b268c387ea4f78bf17 |
| SHA256 | 6ce855b8e812caf1f2a0f2274cd5af742098f150498499e119d04d7eb4612d25 |
| SHA512 | 716dd3ab1606ce1be9f78ccd9755edba6c39e068aa3775dd4d5de8daa13b2d731f7ba521ca1a683a51d8fcd485ef3bdd89dc72dfd2b3ab0ced3870fb28126553 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10d0876a565d2249d5746b47d621a2ab |
| SHA1 | b07c5246d73e7ed94d61a854e83015edbafb7dd1 |
| SHA256 | eaf0247bbf7659f582375a2839b24da36936fb7c1a0736126233aa47a9818652 |
| SHA512 | 81b142695ea8b04eddc951f4eb443755869dd25ad2bef8bb6501e58987b69bcb894ca82e2efd6f9ed74def3327abd3d4e77a9c79d82365c91abd8d9d2922acbf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d467fa1c6070f65057abec526003e916 |
| SHA1 | 28a4b92282ac42c859d2a3e3dae0dbdcceaf3776 |
| SHA256 | a7951914869ae1f16bce6e594e579f6ac715c96547cd6745d5329859949a3f0d |
| SHA512 | b2fa4e377331b8791f988b46fd32eb6aaeaba89cf67e8842c039cfbeadfa7fef88c6aee8fe87e46a6543041f7cb00fc03c129ddbb0dcc425a14dfab730d34e9d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2569a521723158287a4edf3aea8bdad |
| SHA1 | fcb0002c57eb228f59df267ce0d9f133f7156c57 |
| SHA256 | c954cd3d5184d4df8f77258dc556bfecd39c9d378383e996fee99b3054f2596c |
| SHA512 | a93f55dd9d18b54c5a08401e8aad6b373cad49fb5fcea3aaed20fe3430144cd0cd86880359799f5c79ba70f578f51f078a32270a5bdb39324a95090629a2c6b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f68b417616e6457cf9ecf8878684704 |
| SHA1 | ca2538a767df705500a14edbab6abe36f5c884f0 |
| SHA256 | 516429879cdb5a6ab072d1d4736129d6f367dff5f71e6ebc2186b99d4bb9076f |
| SHA512 | 7c94e45bca18586af6fe3f20504045ec59f0fc11dcad8fdbae4e459eacdc6c5453117b4dee915d0a927fa796b2abd7f1f14fe0bc6898cb94c996933806bf19b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | dd25e160c18c5ba064f200f20b36b278 |
| SHA1 | ae7e558cd0504c714cf8fe9f83b7a63c2ec4e43b |
| SHA256 | 12f7064fc8e8b751f56458b994e259a39755453a417299e3e2954189937d1c45 |
| SHA512 | 19e4c100f3ae403f8179f67fcb878015498af93902b9da40ee73f27ba95d4cc74b4185133a77610a5469da63c8410087e5dccfcf3e684987857fb40a5fd768c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7777e3ae568e8c44d6782f825246a9d5 |
| SHA1 | 8db99c043f4f5fba5a3977be798393a37e5eb8b6 |
| SHA256 | 06b91c68ea6817079b5b788c66316b4ade4de4442e73ecf38d5870ec8b7a9cc7 |
| SHA512 | cf1fd754fb9a1286925dc0e11efe81bd85731b31814413cf2abd443fd9c5c51b7c72a340027619b4abf6787ac874435395293c8ab61d400f42c6f6269d37c764 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5d3f4a15b61cceb22f8c022593c66460 |
| SHA1 | 662afbc71f8d7a3db1414001ac2b12eb3c4707f6 |
| SHA256 | 14bb5bf6c27e2ae822c59d03d9bdbf3f10d21df440efd37c342aaf34aa3bfebf |
| SHA512 | 0b16b2039ff7365014eb01d8478064fc2f56aa0a3778145ea8c50f76aaa7e83e686751af5224b8b60fcfeb404300fa8a68e455d69c6d787e8f63c1e13e377c3e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c284f6b0616cb1e27e05bbef4029054d |
| SHA1 | 447ae73984940980d65d9786a8ea41814750aa90 |
| SHA256 | ef04d9b186786109a5e1b01d9be197d372e554c204ff458cf9ec1f8b5cbbaf42 |
| SHA512 | b74c3a1281afe9625bcbae6eb9b77ab638dd1ed9ad664a5e6b874668316015df12a9a917265605c9a7fd4070e3db2b6e17718f3466dc686e0a45befc0352b209 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6d2847eea0b391ddb8c61d23d44b800e |
| SHA1 | 1bc286770c741775b0039cc2efbb9812c89f10e2 |
| SHA256 | 91ce5493cd37cdcc530472c0d10fe3788244226f73f8e0e8b984479db1e8d56d |
| SHA512 | 6283ec7384f6ec7da62eae7c280aef6ec6f0f5b97ec8a185ea70633f4fed4a0ee67c1a63bcfe1b451183fdf1f987bf97dcb4a148c429d8b4a7bdc691a2e2be73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | f2516a957717e6167d7222917ab42fc5 |
| SHA1 | f781155d7878f215185808830ae6bfae6079110a |
| SHA256 | 89bddcdd6864b2f54fc5d08bf9e632be6b9065240bffb1ec0619c11239d2f7a0 |
| SHA512 | cf493fba7c83d376ffce292e94eb1eaeb556ee923614659670d7c90a14f02ae3030bcda926e2ab6298a55d91c8937514d8d1284b3869a505870f0f60b2ee388b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6dc27b42baa02bd683048d0ec4dec465 |
| SHA1 | dd74deac938514a3b14ae9a6417c40d75ed18b02 |
| SHA256 | d36c2b3e87257bc4fc1e3771a54f93d41864596f0a3c6aec6dbfc92cd7d9f40e |
| SHA512 | 0c6bc40b465a5d5e58f33fa966388af05cf99e80a838d072f22aa1230abd6f9daa576404a5abbb5a21159c09ee630884f4c1413e6effe5d7641379b17949afa8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 65e9e54987d111ec0af43f5ab5450cc1 |
| SHA1 | 06d9661d6dfcc7d707acc4266cc0ce045db20e0a |
| SHA256 | 970ec0bf8b705a855938859a94ecb3fc3ca7af85373651552d584bbd2105015e |
| SHA512 | 05bef66ea0624251991f8185b4ab090acdffb3984f58b10e2b8ee4a7ed13b91ce6bfe7b6c8990938f365a2a01f6289386551b6d7d4cfc797967c96eeb05dbc14 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-01 20:04
Reported: 2024-06-01 20:06
Platform: win10v2004-20240426-en
Max time kernel: 120s
Max time network: 125s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b9d0f02e8e0cf9f49ac79dce10673c9_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff05446f8,0x7ffff0544708,0x7ffff0544718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6477783704733518051,3016815324499151401,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 107.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
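Added triage helper, not part of the sandbox report, for both Network tables on this page. In the Windows 7 run, behdanehgolestan.com, keit.kristofer.ga and www.microsoft.com appear only as UDP/53 lookups with no TCP connection to them, while www.todaysparent.com, www.google.com, maps.googleapis.com and ieonline.microsoft.com were actually contacted; the Windows 10 run shows only reverse (in-addr.arpa) lookups and one multicast-DNS packet. The script below separates those three groups so the "resolved but never contacted" names can be reviewed by hand. Rows are copied from the tables above with duplicates dropped; the mDNS row is written with its cells in the header's column order.

```python
"""Added triage helper (not part of the sandbox report): split a sandbox
Network table into names that were merely resolved and hosts that were
actually contacted, and set reverse (PTR) and mDNS traffic aside.

A forward lookup with no later TCP connection to that name means the page
referenced the host but the run never completed a connection to it; that is
the short list worth checking by hand. Reverse lookups (*.in-addr.arpa) and
multicast DNS (224.0.0.251:5353) are generated by the OS and browser.
"""

# Rows copied from the Network tables above (win7 run, then win10 run),
# duplicates removed. Column order: Country | Destination | Domain | Proto.
WIN7_ROWS = [
    "| US | 8.8.8.8:53 | www.todaysparent.com | udp |",
    "| US | 8.8.8.8:53 | behdanehgolestan.com | udp |",
    "| US | 104.18.1.104:80 | www.todaysparent.com | tcp |",
    "| US | 104.18.1.104:443 | www.todaysparent.com | tcp |",
    "| US | 8.8.8.8:53 | keit.kristofer.ga | udp |",
    "| US | 8.8.8.8:53 | www.google.com | udp |",
    "| GB | 142.250.187.196:443 | www.google.com | tcp |",
    "| US | 8.8.8.8:53 | maps.googleapis.com | udp |",
    "| GB | 142.250.187.202:443 | maps.googleapis.com | tcp |",
    "| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |",
    "| US | 8.8.8.8:53 | www.microsoft.com | udp |",
]
WIN10_ROWS = [
    "| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |",
    "| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |",
    "| N/A | 224.0.0.251:5353 | N/A | udp |",
    "| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |",
]

PTR_SUFFIX = (".in-addr.arpa", ".ip6.arpa")
MDNS_DEST = "224.0.0.251:5353"


def split_row(row):
    """Split a '| a | b | c | d |' table row into its stripped cells."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def summarize(rows):
    """Return the sets a triager wants to eyeball.

    forward_lookups : names queried over udp/53 (lower-cased)
    contacted       : name -> set of ip:port reached over tcp
    resolved_only   : forward lookups with no tcp connection to that name
    ptr_lookups     : number of reverse-DNS queries
    mdns            : number of multicast-DNS packets
    """
    forward, contacted = set(), {}
    ptr = mdns = 0
    for row in rows:
        _country, dest, domain, proto = split_row(row)
        _ip, _, port = dest.rpartition(":")
        if dest == MDNS_DEST:
            mdns += 1
        elif proto == "udp" and port == "53":
            if domain.lower().endswith(PTR_SUFFIX):
                ptr += 1
            else:
                forward.add(domain.lower())
        elif proto == "tcp":
            contacted.setdefault(domain.lower(), set()).add(dest)
    return {
        "forward_lookups": forward,
        "contacted": contacted,
        "resolved_only": forward - set(contacted),
        "ptr_lookups": ptr,
        "mdns": mdns,
    }


if __name__ == "__main__":
    for name, rows in (("win7 (IE)", WIN7_ROWS), ("win10 (Edge)", WIN10_ROWS)):
        s = summarize(rows)
        print(name, "contacted:", sorted(s["contacted"]))
        print(name, "resolved only:", sorted(s["resolved_only"]))
        print(name, "ptr:", s["ptr_lookups"], "mdns:", s["mdns"])
```

Note that ieonline.microsoft.com shows up as contacted without a matching forward lookup in the table; the summary keys on the TCP rows, so it is still counted, and www.microsoft.com (lookup only) lands in the resolved-only set rather than being silently merged with it.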
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_316_XLIKFZBQAUXUOPVT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7a044341d8ab589470616a01acd61dec |
| SHA1 | 511a1d031ae5e36a77fa833bcbeb8c727eb29629 |
| SHA256 | aff5c110dc74fdce8b64e675c1163418e15bde77e7128a11a2b6ee9fb06fb7d1 |
| SHA512 | a927cfe517005fa56e8f7ab8e69ffc177a5820de3a4d4d8c07855adfc3ef12dbe1d5ca560be133b292a1572e8c3a1d091c2d226d796dc0f5cb65d09129937c05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4577f66a725cdea169abaf914522aba |
| SHA1 | a3050fb3efc9a4cf9dddcbba46e27de8cb3bcd29 |
| SHA256 | 143e17d1360ab2768b359fb022e31fa9ad0ce7dc60d2fce956501f5c98334e6b |
| SHA512 | 31c83ba6fed3d2576d1cbae23118db4ba2b8265e5ecdedda432d473b9ec93b9f370103f7b24de639e214aea2f5e540e3c0d30be74d300f1cc232fb088f2b4926 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32b4d40b817719c4a59bfc6bbfa81dab |
| SHA1 | 8d62cd4ef42191511e83e9b402bf90b28a0800d9 |
| SHA256 | a684ced7ccedbb1478cfc92b8b15012555f9a24c63473664ac2f2ac5ee65852c |
| SHA512 | 06f769dd9f6cbe5548f69c848b144af3c3623b060472cbf48aacc37c6941ff6266340ba214b7754581928108111992d0986e1aa73dbfc7080cbbf9c0585dbdec |
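Added triage helper, not part of the sandbox report, for the Files sections of both runs above. The Windows 7 listing repeats C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 many times with different hashes (one cache file rewritten on each update, not many distinct files), and the Windows 10 listing includes a crashpad named pipe whose MD5, SHA-1, SHA-256 and SHA-512 are exactly the digests of zero bytes, i.e. an object the sandbox recorded without capturing any content. The script below parses the report's own path-plus-digest-rows layout, collapses entries to one line per path with the number of distinct versions, and recomputes the empty-input digests with hashlib to flag such entries instead of relying on remembered constants. The sample text is a subset of the entries above, copied verbatim.

```python
r"""Added triage helper (not part of the sandbox report): collapse a sandbox
"Files" listing into one line per path and flag entries whose digests are
those of empty input.

One path listed N times with N different SHA-256 values is a single file
rewritten N times (here: the CryptnetUrlCache metadata file and Edge's
Crashpad settings.dat), which reads very differently from N dropped files.
An entry whose every digest equals the digest of zero bytes (here: the
crashpad named pipe) carried no content worth hashing.
"""
import hashlib
import re
from collections import defaultdict

# Subset of the two Files sections above, in the report's own layout
# (path line followed by one "| ALGO | hex |" row per digest).
FILES_TEXT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c78e4ba568fd1c2f74f274671f5676d |
| SHA1 | 93fdff8b398c0601406deaa9608a2e021f21db50 |
| SHA256 | 9c807a61027350f832ebdf1ed4b2824c21a8c3fabb57a59197772accd05f91ea |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9132b9958acfa93a855e41e06f0b0c92 |
| SHA1 | 28fa417c18367e157b340c4b46e90768d33738c0 |
| SHA256 | 6c2c69675646245965b9d0fff27f896d9c25e530c4929b9a423e0dd0aecd62ca |
\??\pipe\LOCAL\crashpad_316_XLIKFZBQAUXUOPVT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
"""

DIGEST_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
ALGO = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_files(text):
    """Return [(path, {algo_name: hexdigest}), ...] in report order."""
    entries, current = [], None
    for raw in text.strip().splitlines():
        line = raw.strip()
        m = DIGEST_ROW.match(line)
        if m and current is not None:
            current[1][m.group(1)] = m.group(2).lower()
        elif line:  # any non-digest, non-empty line starts a new entry
            current = (line, {})
            entries.append(current)
    return entries


def is_empty_content(digests):
    """True when every listed digest equals the digest of zero bytes."""
    return bool(digests) and all(
        hashlib.new(ALGO[name]).hexdigest() == value for name, value in digests.items()
    )


def by_path(entries):
    """path -> sorted list of distinct SHA256 values seen for that path."""
    versions = defaultdict(set)
    for path, digests in entries:
        versions[path].add(digests.get("SHA256"))
    return {p: sorted(v - {None}) for p, v in versions.items()}


def empty_paths(entries):
    """Paths whose recorded digests are all digests of empty input."""
    return sorted(p for p, d in entries if is_empty_content(d))


if __name__ == "__main__":
    entries = parse_files(FILES_TEXT)
    for path, shas in by_path(entries).items():
        print(f"{len(shas):2d} version(s)  {path}")
    print("empty content:", empty_paths(entries))
```

Recomputing the empty-input digests at run time means the check also works for a report that lists only one or two algorithms, and it never has to be updated if a sandbox adds another hash column.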