Analysis Overview
SHA256
06f5999f3ca863acedef9bc39f996d6b54c90211e26cbd3d37eae96fd4793cbf
Threat Level: No (potentially) malicious behavior was detected
The file 8fad86ece9527b928e9d7de08dcb0629_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 22:37
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 22:37
Reported
2024-06-02 22:39
Platform
win7-20240221-en
Max time kernel
143s
Max time network
122s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004555f1c323498d49b620febaff688c0900000000020000000000106600000001000020000000556791045327a4301d1b11d5acd2c130da5595be86a5f30289938db457c4db85000000000e800000000200002000000086ab18e7f144ffa8237d4a13caa9043e80bb2cbc197d2ab736824f248ab295de200000009b60abeae2358175863311ae1dbdad6f24cac4ebd67c12fa1755052943b65a354000000026eebf15bad04b8eddf8c2bf7a3409c4ec43a26c761af804953e9946cc742ed2ca6cfc8b7331f553490757362bd5a36794b92e8b858c2884ee4b2cc2020f9c6f | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004555f1c323498d49b620febaff688c09000000000200000000001066000000010000200000003e6c7f4746aed7a429bf9b343646302c999a57cc2131a39b89965a8c53a8b914000000000e800000000200002000000068123bd4f686850a7fcccf93694320f6f845bf571c3057f4150feb021b4cdfea90000000397e983ae51ccf93f436d080f14f54dcc978c25e568a01eeb8c61a81395845680923c68c17d74dcb2830766efef2e873f11856a0793dacee897c877d3a01c3c5140b01db9b2d93836e5e48b7b31d9fa22db5eb17f68066d469046ea6fd984e2c31bd25fba387d0e2e6156701aeb3898738842d4afd0d64d059f6f9ef2dd49d444fd2a65956614a660bfd3cd3aecd209c4000000094597e8d1161b85368d5aff51cd46608097bf65a14b805996141419bef0373fcaba2b5c689da0f0d1360e257b0d60c1338bbc1d5e1b34bc7f76354f12e321aaf | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529716" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B1015C91-2130-11EF-93CC-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10fa94c83db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 360 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 360 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 360 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 360 wrote to memory of 1680 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:360 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ick.nqytc.cn | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab194D.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar1A1F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3ec8641ae995bfa79cfa635efbf2470c |
| SHA1 | 55a438c3b59416b368559831763e70061bdacb94 |
| SHA256 | 88a0eda88fa6c68c6e5b22d32f9f52d7388f425aed18b423cfb888ffa10661e4 |
| SHA512 | 760facd8ae6f26f23be1fdf8a032eeed350ac2bca17a2126552a41c3cab6721d890a2a0a12fc2cb5076551c2dd4ccb6fbca29ff505d1b27cd3a45066b0dfa424 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ef989f361ca3b62d832235c9037b17a |
| SHA1 | 9450910bb2454ecc7ce56530e9eaaaa47f65560c |
| SHA256 | 7defad63cd33b7b614e6786cd75a0366044304f66edd7f8cbb8f289afac295b6 |
| SHA512 | 7a059e79db4624d0948a19252f7f2aac37378f638f18241e2b0f514f7094d831a4f6d4ad457d196718271381808def3bff92a3de0744cd46547868cd844eb4e1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a0b34612b7f3c50f54b841165f31b017 |
| SHA1 | 4d350bab2b1904d23462963593d1bac77b0bd0fa |
| SHA256 | f70cb5ecaff8eef832bc56647febd1b85b09330ba46d4c95f2667700bb474e7f |
| SHA512 | 285c63aa7a21221c690b228e88dec1ea11e7c4d09b66f173479cc9e91c4e200302a6bd8a221bedfec38c817cc2bbba2fed6a18d9ff38f1dc1fb5d6f3ad06e827 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 74ceb332dce825cd2c29b52c0464084d |
| SHA1 | 6c2557f8bed9df1b93c906bd8eba72c2a106cb4a |
| SHA256 | 8c5e4ff4513feec406468beb969bbe0d7fbc43bb372b41dcc125fb5cad0593cd |
| SHA512 | 172f895f4b671fbcfc325bc0f7f786a097ab5be582fc0368a025c72607497051025923f2e52869faea634328a3b71b50d6cf81b30e47ee5b9a4f9918681cb725 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 686591cfdb05ea04a7e0856c9d2880ec |
| SHA1 | a047aa629d8fa3cf38cb25fe781ab0c47b2d1037 |
| SHA256 | e6b469ccb83ed2d81861443d4a53415fd4a4d0cf118ceb72bedb82cca0ab662a |
| SHA512 | 7bd70055aba3f952d8a321dd6b6acb231b1b9c9b9d11fe044a282626adbbd9a38caa53a398635829b1217b85998a58cfb76d9ece92efe7747b83d84dc806788b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d617687676bd2005f88057635d617f5d |
| SHA1 | 9c2019cbb2094fd4c65ec55ea33b42ad2ce0ebee |
| SHA256 | cce67d95d420d03507811702a9c9fabe67ff645d5d60a7ef06b6d761ff7b5afd |
| SHA512 | 7da1be8799b08ba2f2c2414693734357396cdbf96abe21f48b5d79e366e16c871a35875e4a4ecfeb0d21bd3700edc1ab2df1ce8ac11226d4333a1494b7b6db15 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f38bce81e3a7f3c9ba4c270881a96908 |
| SHA1 | 02ead0d5ea6d1a0a30e46fb695efd944e328e575 |
| SHA256 | ee4e88088dfb0081d9f15b6cf806aa60f8e09c5e73f63faad5453b9da57d52ff |
| SHA512 | eb7ee23b99fc19f3a2f51b0647c153e6d581b57bf6e49bdbc330d10d87aee2deacf18d27aa871babe8e305e79e692d04c2c7affa2f85d8537f6cc29fea79c59d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ea7f92a616f1cba8ef44dc14e7b38c61 |
| SHA1 | f72f3af18a99939734f71a1267e690e7a822e69b |
| SHA256 | 13389444dac10cb4641252e60c92ccfdca9623493eecf29a6200d1e0a41ade11 |
| SHA512 | d4777f73836d3d1c8780731f2ddd689ef9418c53dd87787e8c5faeec0118b40f7d0261bace7c3b839c4446da01f36feaed1c9362bd9e4f013e59f79a15603b43 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0eb9415ef6059dc647c67b7d96187dd0 |
| SHA1 | 40d520120f307c8bc85bbc5c546e487d6974b250 |
| SHA256 | 53a547c5531793737dbe756413ff266da52a451722ca3a5e31e903f5d2a2ba9d |
| SHA512 | e570a24713faa1532fafee88c44a6e1d8f2ff3e379a057fa6e61e30d2ab54c1eab3c6a4711836d58f6488061a18e915dd78e078b3555f549738d265de383dc39 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2c093b1a3331cfeaba3a7d41290fdd5a |
| SHA1 | cdb2f7a233e2698e85305d6ed2994e941c532ef8 |
| SHA256 | ec926ff32acd6e62481cb0680fad7f6855ad16a6048c0d25bf00b22be182e628 |
| SHA512 | a1cecd4ec19e0d600547527e5096a52caec0428c3a7e3adb3d5851d3962e4679ccceb9d2260c8d025a3b275461cf0032ae6eddea3cd91abb2c1f0187812adf7c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4b0ec595c5c20afe84985d865f1173c |
| SHA1 | 1221d2c8538f23e85136d47ef8d1c810ef54f571 |
| SHA256 | 8af00b055cd90c6e5cfab4bc055a3eaff0a7d46f0ace098560b68b1851d9d89b |
| SHA512 | b8c9658eef2b7f102167384da365681110d42ec4e4bf1dced860e6ca3abf49d1677e9785ebd9d0f9913a658e15683a0164cac80d1f4497d650ac3837f25e82f9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a3699af09798aa15f2ff7a49ec036b4d |
| SHA1 | aa5afa1d32bfbd7f4e3436696bf60ba75f4bdd1a |
| SHA256 | 27a6fae8aac604172a7aae1ab371e70cba5748878964fafed2abca54f676d4b0 |
| SHA512 | 008648f80544599ce18d1f94d883dce8fe59415589d3d57c51240729730b617d32e44b7cbb61db6e2433048ad1ea1a0d523a288e9a4e6a99de592794cf4d8763 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6e16145bf0adca3f025bebdaf8bceaff |
| SHA1 | 2d27a3fdc0299f39345ecaab98678188b053e326 |
| SHA256 | 3674ddc5291081b1c23bdaed1706d345f7aaffccbf2ee2e69ba45fb520fa422b |
| SHA512 | 5fed04e6c92bf76dfc1f228f37f909e71c103c39cfee792e10d2ee7450ec9f48c7730156c2e39baf785db51a84f63f4b17d37bddac053c102c1d3d02daf82ddd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9a5df0958113defc4f47103ab6360d3 |
| SHA1 | 547f2258830674689a2446121cd03436f44345be |
| SHA256 | 4e6ce00bfc5d22ed21688a3374baaa05009b9cae7ee2c5a193c5695ca360cace |
| SHA512 | 076acd391d8006a5cfef4129cb369a0fe6d053fd651d321d42bd7ef2903665a745ef0df2bba233854e991b6eccdae111f0566d3632211d1a3041a70c98050830 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f47e60d1e5578322a83de864561f5b0a |
| SHA1 | a60bfbefb3d63bc4638c38a71ace8e7b2e059b5a |
| SHA256 | 21bd40f0853669add0509a4468bb462d74368939ca4fbf896dc471ba459330eb |
| SHA512 | 47448face9eccf00c145f57f6dfdd4c890f198dde9bcf5a87cc9e8c2f8369a3efa7173fecfe3cd571c4f7ee0cfb9a616058ea73f7ca490a5965f386aad226d98 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 10ac4cc469cda909fdbf4edd5f9f972c |
| SHA1 | b0c8b61c7e0a91e8c90308aceca0d38c0fc04759 |
| SHA256 | 23f0f0b2207bd0246b61fc66364054accb095cdab5934a3a59a6cc788aafa5ad |
| SHA512 | 6def4bb9860d05945ae303460470c330332217f9a086e9fd3211840820ecd3e203c5bbe5518225f5fee1585d318a44d21e3ee7f6a72042a34cab7f6c66bae75c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6882c02d187bb109cd8c78bb8a04893b |
| SHA1 | e606bc15ffffe57e261846e36fb79ec19213a7a5 |
| SHA256 | 637ef0ab980554fde77cba9766ffe00758941143e3514fa3e377bd8665411ef9 |
| SHA512 | ad56f8a1df64de2875e533c178cb7fcbb0d4697ac238e12701cea5d1323952779ab702f066b9dfa4fa34af0536ea70cd197254496977b7e6fedc040754cf8bd9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89d677a7eb5a070830dd4665fcd10c40 |
| SHA1 | 631fa76d812a077a05235ab93a688782724641f4 |
| SHA256 | 4992fe2aecbeca5713dcc26919dcb561e4ff56cb73e6619b10d6c2e07cd946b4 |
| SHA512 | 99403504b7c1550ff40534a6c74245e7fb2f4edd923f3f831ece0b0e385c16d579b3ef0b65ee4eb072b561b33019f118c9e862c77c86a7cffdf933474645356a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 112227bfde370afa2b0781e7aaaa3d6f |
| SHA1 | 33b25371d4d04d98d37c5c04dd94485f7b846a85 |
| SHA256 | 4df202e803e3517cd97c2df00dee945db41bd68bfe281e0e4caf3686c1cea687 |
| SHA512 | cb7247a07f18fb8ffeefe4f704f60015380197fa18a7ababc920337ba206d9116871ccc856c55904e73924cdbcd66726670e7e9acc5a133d041bc9a260d7e918 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 22:37
Reported
2024-06-02 22:40
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e53746f8,0x7ff9e5374708,0x7ff9e5374718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11980990111881831773,12895992070215499814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ick.nqytc.cn | udp |
| US | 8.8.8.8:53 | 5.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.244.229:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| CN | 14.215.182.161:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.71.91.104.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| CN | 39.156.68.163:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 112.34.113.148:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| CN | 163.177.17.97:80 | push.zhanzhang.baidu.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 180.101.212.103:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.93:80 | push.zhanzhang.baidu.com | tcp |
| CN | 182.61.201.94:80 | push.zhanzhang.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3516_BOKKAHDMKLAEOZDY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01d3b1b30bcbce1a210f6576abaf25ca |
| SHA1 | 268d54115ea956431408a385f7e61302634f79ed |
| SHA256 | 18dbe929417c20b3266a0b77bbb62e94811cdc25889942184fac14e011f1b699 |
| SHA512 | 2faf87326f4741411bf4397d44148765e9c304134e96a5869ecda2c234c6474958566f4b15615af8526bd0f10c0a76ab789cda909931bf70d5dade5a5bd5885b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3fbb5251999de5757c59737ea30077cc |
| SHA1 | 530c5a785bf37a9083a9754d83a30dd2acb4ed79 |
| SHA256 | f65a9b5d37975dcd101421988251a5d6eed33638aa2fa2ae6cc14744405e8c04 |
| SHA512 | c8d90f3376a553e5550f026db53c2c1724a8fcc8af6228e15b54a2bdee4043fdddead1da97f19c1bc60eeb4782eef89592495e9ab1439848283e16fa20a7da56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0adac59cc8a0c204599a34907c36dc1b |
| SHA1 | a007810835674e80de4988d7d164bd98373cf4bf |
| SHA256 | e94ddafdb4a7f9e380169726920cf55ceb2cf6ee53b6a6f2ae6bd207b0b7cba3 |
| SHA512 | 823a3d1a8adcf2766bc0a51ee5a3fd2383b73683d436adfacabb6503f4a732fcfb69534fb1307a283d91cc3b5888a34af2c4e3e334a3d8896147b5803989b729 |