Analysis Overview
SHA256
3973864c28c515db1916772f0e29f3ce3b07dfb1482d01a49f77acaaf4b7c0c3
Threat Level: No (potentially) malicious behavior was detected
The file 8fad45102c1691815b87fe2f70467d4a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 22:36
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 22:36
Reported
2024-06-02 22:39
Platform
win7-20240221-en
Max time kernel
143s
Max time network
120s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F161CA1-2130-11EF-972F-E61A8C993A67} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529686" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000787d31927271544384f5cae0d4df513900000000020000000000106600000001000020000000e8c781b8da75da52d8eaa99c619392ce29300a86c6d62070f827637dbefdc01c000000000e8000000002000020000000031700e23e8404d684b90357ea7db4cd65f00f5ef3e1f78bf88735f420b4f3489000000076dbfc75806bcffdea4801181e296dfd4a44857a08b612c67bde3465c8e2573f3194241b5896ede1eaaf7f884af5059fada1474440f3b6c8b62d1fcd371a17e7a17ba391795748bcd25a87cd1bc5697b096d5bdf15389e50031a62fa693e1c226157e875c9ee1126fd0ff909bb02a912fd619f9d63c00e21a5f672378576127cd97019d1a8b987376adcf626562cb2a540000000b9bbea9aaeba8d22df3461fa168cd04c773bfadc1613e09c29dbe7e1ae1f5776865e87b7b1a797bafe1af04f248695f4bd0ae3851c3f444ee550b0c96fd335da | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808d99b63db5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000787d31927271544384f5cae0d4df51390000000002000000000010660000000100002000000009e2b3156ed7d0da01f482de69b58d0597610cf70dcb53bdce637405e449f551000000000e80000000020000200000002d90d2aeea6fbb0f40d1e397321371289476493ef7b6e32b48f6c6764a0f6c8d20000000880d73522892afb090bdc4439bb6d8b05b46abf15690c53710e67dc85cbc60e2400000007ba9a18fb81dee69ea504a8b6c50e8a42d50dedf876e4c98ac6870ed101e32212971cb9a3540b10e4608f9523342936a7b6826737f5fa371d882c7845f0aa612 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1940 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1940 wrote to memory of 2840 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3sz8o.ain9.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab118E.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1281.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4e805fcd015928b5c6a122639eee461e |
| SHA1 | e547d2a3d14fe97459e26a69e07302c28b572447 |
| SHA256 | bd57ac9f9cf91db39be5750d4d0df9e5cac2bc223dd67cdaaa804809736ffad9 |
| SHA512 | 3ca94dde474fab9456c6d1abf73e9e690951f5f71589af30c12d50711382524141585d66f4396258868db8c5b4e4e8f8d4336824ff098f0bc05c831fee91c8b5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4610eb681de165bd231731c788c04a6 |
| SHA1 | 1537f0e9082a81033131b7f6430439d9f2817137 |
| SHA256 | 370696734d1895ead91d1812024ce0c1b0f474957c43bfadbb09114915394f1b |
| SHA512 | 5646cd4d375e030c3f259ae015dc0b92e01e00e5a98b0bba8123c0f4ae78df26e683f6dcc9b4fdd048f207dfbe876efefb943626a630bc4ba6c6eb32cbb3731d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 73c0ec0e03cf769c314d766400440188 |
| SHA1 | ea24c142e9dad3dbb107492fe165d5ad0e19e777 |
| SHA256 | b7b4d472c507917eb6dd974ada4e8181a61e4245fa0272f6d83f0a72c40a7f5d |
| SHA512 | 438692c82d9f5ea40fc1db011f0c8a3e77635f819829b50de8dacab8714830bad6ff24201105fe5f2f10508ca763af9a9e4449e3806240c20e8fb2b1195c483e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0385f6dd99a7415be249ec28b98081d4 |
| SHA1 | 7ea9aa125ae24f7e924048361f6205748b84ae79 |
| SHA256 | 14835ab24677c4e5a88044ed61e08c67ab828a2bfe2eb03b3d006ef1d0124712 |
| SHA512 | 1732db3d6f97bc22c9bfa20b93862dd2b334ebb625751d2e9cfa1ea44c14bd818bba7737fac1a8fdab5f8eed15ede3f12b207ed996f9638bb4787b7b96aecbf7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4403c0d3e91f26dd6c1ea0531a7ee61 |
| SHA1 | 72cfc24a568502f3a74e5c604415d7060539ca95 |
| SHA256 | 7604d910690f9f8ce4d3b67813d99e664f9bd9e77e99b0e1f765665baa5e250c |
| SHA512 | 9fd80fa2fa2fc508f2592d45bb9eda5fe2d78ec8917168fc5fb4995015622bc145108422f67a09c429fff26a8c63f6ff9c46ba924bcdaf592f58565642b145e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ab2d3579f64a9a147352003c05a86819 |
| SHA1 | 5b09a3854bbbcf6f4d540dce6fd17778cfda8bba |
| SHA256 | 99323d7f97d901f11520d1b8e10e3d706be56b34faa522f6deff3af12d8e87ca |
| SHA512 | 9c9219f7347040e4d12e948e8e4fcc651b94ed4db53ea2d9b62b29641ca124e45bee6e023e145035af4188b55080290b24d756612fcd5587ce22c1f6d926b9b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fa8626ab0a91f68964bb28be43537dbf |
| SHA1 | 4cb2cc416f6d1fb7294a3a6743f2870d8913c5dd |
| SHA256 | 90f13dbcce4a06dc417127a7f66f04bee48d13bf6f0b58ae9f16a1cf269bfca4 |
| SHA512 | c05b16ddccb65f11f9f2bb423d4e378377ce1b110156e6bedb5ff9bd07754983df3c71d4365dcd0dc57d62832ace78b05a65becf4495d6a9ebda5d141941bc2e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5020efb60a5dc853fd54e5c49ff51ba5 |
| SHA1 | 73733bb2709294c3c4135ad61e904a3a8d2962e4 |
| SHA256 | f4aa03f682bc63ab500d631b6e9cbee469d0b8f7a7408c444ff20d204263fcbb |
| SHA512 | d59b616f7d342309c5ab037d3cb56137300820e39fb377562fda49e8d6118f44d90a20bf0e0c61cbfbb599fb76888d78ed1190ad08fa142c23ca9a7d40baaef1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0083f3b963916d1b39ab1d1a7828687e |
| SHA1 | 6a8352b746adcd8a8d0c7cb291e0a57e23edf228 |
| SHA256 | b0935be7b1580075f5628d78a63cabd0bd245a2cd4c12677d545b45e99c8d71a |
| SHA512 | 965a24d795c0d104ed8831179dd8fdedd370a9792be4c713561961a89f3702fc9dc497cbca2aa67d0b880c7f3dce353c1799fecfe2c14756c0e96e952d39526d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 90eeec05dcfbc83a4bcf41b61059739c |
| SHA1 | 81b771f381dcf9d00f46859fe4c62d12a24b349c |
| SHA256 | eb2541b229bbe6ab27641cdeeb05160e9b40534b4d3f89ea2a4cef314b1d8cd7 |
| SHA512 | 4bbb20b9f63a61ef18788cf489ab1a9bda96fdd1ff0fec27d91b45ed45690e5cf95dcc7d3117cc60ebe1fb1a163781e344181afe72dbf7b42d50a2170e18d5e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aff26a3fbdb3a1d549d4309179584959 |
| SHA1 | 9881c3c1d36ee9f763d203cfa8d6c235bb5a2b82 |
| SHA256 | 7a97f74fdad613154383c01815ddd484f297764945af433e10d32f1921473fb0 |
| SHA512 | 3cc2d03f28940b121ae21ee565dfff24ff4cca8a52b62d5c06011e43b1675825ca74b7293f2df72d39235dfadef0f30d222bc321e6790347cfe049a6ce3673b0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b46692042ba1efd4360a84b71ce42411 |
| SHA1 | 7b677748325db1786fcd6e4445c4a22f143f2be9 |
| SHA256 | 8affbe631f57b057ee5059b81969786748c09372bce251072d1a66a871f8cc25 |
| SHA512 | 5972c8d3373ce74eba8bc505eb2c853384e0856109d829d26fb9b6b0ac46bfe59199ceacee60c307ac8fa5f3b2e98b5fb9496880ad83968b46bcadd40b6bbca2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2b41941b134adc19bc05326e7a2b2855 |
| SHA1 | 91ca84b2b12257bf01317e22c2349a2197ea7a5f |
| SHA256 | 61eb11b7be4d51ebb25d07b05a70dad03f9315694edbef91bd4bea2729449745 |
| SHA512 | 878ce96484c255c73de96ada63b66feb109bc6b0c4919991af3e2503046be1c6eed02152e9de6019fa89aee7cd87517c7d163a3d4b4ec5006cf1db195926e4c5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 122d6626d2de8a1ab306734b5d12c91b |
| SHA1 | 143fc22ea356eb8573d71262e6c2318c242f7e49 |
| SHA256 | 45cdf1cfb7cdaa9fb07948981140d696ed44cd2c8ac335f617e9ddef2fcb96dd |
| SHA512 | ced4d484b5a8949a0b02786f9ca72a98bc2605e35bb3ac7280ccd391e9ab230d181c5e618a9eeb825647c94eaeaac5c57158d47e3479f82a85b5f4048c23ea01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 00568c06cd255049f8df91b7694ce0e9 |
| SHA1 | 37b544d51fae211885bd46ee7d7eef4f913e61c6 |
| SHA256 | 32a5949fe2cf2c7dd47d395ceb07528471fe55fee46b29514f89acf51d67c559 |
| SHA512 | 06bfa1b65ec911464ee7fa8ea8f531a80ae728bb3a5238816515ded73ae0c5da3895b7b2b2f4f37a32daa734563893ba029084df40e688ad12531afaf06cf28c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a05b74d1466b9a202418717b40c5093f |
| SHA1 | 4dd43ca640e1dec9ca380b60f6efaca7a3b08f87 |
| SHA256 | 2a346443827967b9adf4f5e684ffec76d29b8df45b275923cd73b46f01c0af4c |
| SHA512 | 69893b7a02dc2e02b844996afce392599348ac210b85b158bf0b8aaf8336d87aa8b9d2f515acb9e73fcb09e4f8e548231ab2bfc073d436c10d185504d387e711 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 88bf75b9875d9a29afeb9be96bbb35dc |
| SHA1 | 2aefb0d1f9b629a0cf0a52b9409b132aefe6a597 |
| SHA256 | a05ec46814481e04f805d7986b6f36eef2a449957054e5eaddc1e6f0795802b7 |
| SHA512 | 750c356480e935d2a9a7d6c51bb27c96ab30f08f8a7a28a3b2859ce83c11a8510e156c4bb190e0b2b81688c7100720a487f6463a2a05ed058bead4863bad5855 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 961b4b49038f8edeb238078949055af2 |
| SHA1 | 58f8db0f0336add2841a288c9ffa0f0ef67b13c5 |
| SHA256 | 185a517feb2bd90c49220059b3bb828ff41e9c006d40acbdd1bfe1c2b35d09a1 |
| SHA512 | 50fe038cd0913e9e33f532b087e78b05ebee3bdfae4b01182098caec875a791964cf2205e84badf08b50e79f01d67549e97fd9964e394c78c13d436c55e3eec5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8808d3febb380848cfd6e3b1ecb0032 |
| SHA1 | 72870ee0907a8dc790fce42174c627c485b0da9a |
| SHA256 | c523c9cef041eb4f28d901d9fef8b0b0aa0a78652574024a386266614d0ec36c |
| SHA512 | 9d04632a14cbd854ee9bbe39cbeda2dfd6198564df6b5d31d695cccfb91b69fc58254562d47024f10b1317ae399d0dd8de95264c42ebf68b9522f809b0324754 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 22:36
Reported
2024-06-02 22:39
Platform
win10v2004-20240426-en
Max time kernel
149s
Max time network
144s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fad45102c1691815b87fe2f70467d4a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa797e46f8,0x7ffa797e4708,0x7ffa797e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7652610563811159449,3083136143962963847,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3sz8o.ain9.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| N/A | 163.177.17.97:80 | tcp | |
| N/A | 163.177.17.97:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_4016_WCTEVKCITCTTBRJY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8aeac7fde1698e61656b9c7f82d5a019 |
| SHA1 | 363fc03d677790422f076a77564db4d71cb7af6a |
| SHA256 | 2170f8050dea34245c2a8d983d571c6bfb842aa15dd9aa4621c290b89cb51f6c |
| SHA512 | a80b0d4757371da6124d5ae519ad1b44a31a2776e0688c86d8e9f9b7bdf7563dcd56485711b5be75d811804bd37d2bf5844d1906fa9cc16e0a2f5168116292a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b7b4cbfb293122fb105fa8cb271140b |
| SHA1 | ec3042174de091fe52156c9eb9d5e602d9d541e5 |
| SHA256 | b1117b190208d4e790645c1dee86ed3538da265f3a9e5fac305d200297942790 |
| SHA512 | a89580f880be06b8b9da384a09bc263a5c276b8c9071d3d258fc1e2e98d5574f81f91b12dd82aa8448884fe6089a20baece894aac3e34b5d3f17e345c52ba25d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d0b4b5f8b9d525fddc23cfec912228a |
| SHA1 | c32a8965468244dc7ce18a8c8b1e1b93e214e806 |
| SHA256 | 360605f659e910234b4bc793f4e0e36ec6e999228d0e627f16da99a75a5ea5ee |
| SHA512 | 2c271b51b13be39f4d5938fd06156d28f163b337dd51bd47fe0a53964cfef1fe90d6f76f863650477fe3059a0d108c772e0966dd0e4b254f19172577579ef053 |