Analysis Overview
SHA256
d5d82b15fe4c8360bf88d12d574fc5af045ea631983ef0daeec62ea25ef86843
Threat Level: No (potentially) malicious behavior was detected
The file 8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Enumerates system info in registry
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-02 01:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-02 01:02
Reported
2024-06-02 01:05
Platform
win7-20240419-en
Max time kernel
137s
Max time network
145s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D5E3C0D1-207B-11EF-AD38-76E827BE66E5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d100000000020000000000106600000001000020000000832334574bbf274c536530acdc85a7b3d83d7a6fe5dd17b452178647460aba4a000000000e800000000200002000000028d61eba785205a8673a67adda32564b7c7f6ccda4004b4d645428367fc173e42000000008f60ca10c46c157f8bfd1deec6d32e95f9b1bd52612f120e1c11fc624f2a64740000000460d5358be13078ae003051b33a0e7d6ef6394553b617a126230c33c7e4626ff1aa6916b245d8949e29fb616f320dd658374df661e7776dc665d4ba6219930c0 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d05946bc88b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452056" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1860 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1860 wrote to memory of 2140 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1860 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.imctsguide.com | udp |
| US | 8.8.8.8:53 | www.braindump2go.com | udp |
| US | 104.26.4.128:80 | www.braindump2go.com | tcp |
| US | 104.26.4.128:80 | www.braindump2go.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 104.20.94.138:80 | www.statcounter.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 8.8.8.8:53 | kirkemusic.com | udp |
| NL | 185.107.56.57:80 | kirkemusic.com | tcp |
| NL | 185.107.56.57:80 | kirkemusic.com | tcp |
| US | 8.8.8.8:53 | ww1.kirkemusic.com | udp |
| US | 199.59.243.225:80 | ww1.kirkemusic.com | tcp |
| US | 199.59.243.225:80 | ww1.kirkemusic.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab931C.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarA2FC.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99db370cf2d90dd74542b92b9682470f |
| SHA1 | a2c7c5c1cd9b8a8db0b95ff14101e92f9487f282 |
| SHA256 | 1ac46cfd6e6b9673ab356987f50a24bab2f906383ad47a91c0e32b6e2ed26486 |
| SHA512 | b5f59b0b66513c491ef7ffe968afe1a5dd24f64dee011e8da2d130f5da9d240ef91b6d1e24a9e5386781ed0d512822ab7c00e31d9248ad5adbd91104959d2a65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4b56616090232103017ad97046370a21 |
| SHA1 | e292bca2619d0c0c4b6d669b7a7f02ffabc3c1ad |
| SHA256 | 0394daacdb5b3a449ca829f1b0ea055dd2306600f947b9408bbd6045252b423b |
| SHA512 | 9c191352738ef24b270ba54b897f2533b9e0dd5b1a53c8b345c1cd352b94eab10f40ea780b3cd3265e3934effc23c0cb34f562c81ec593a2766caf28af2cdd1b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71d7e5521b5ad451fe169c68eb4428a3 |
| SHA1 | 70b6b5b732195ab64e722538ae6b049c7850a5cc |
| SHA256 | d3dbcabb21d8deb1c692cb8f1a3195a1873084f795a84707bfb76e7d9ad8f66c |
| SHA512 | 6b7a030f4eda6f100a159efe685936c1f8e6ef075fe327d33d0c87c5a272e26afb9eeece6859f5abc8af09bfb5347ae65b44ac5868e9e0c5ac410d01a7d1abfb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4cd0e276ebd3d4fea8910331e5f15ef2 |
| SHA1 | 76e8349b014a6a631a118edf141943a54383e379 |
| SHA256 | 34071caf077863dc344e51042b3562644ee8a940ee6ef533197b6416cec82d61 |
| SHA512 | c48f09e771d748929a484ff4dd880f772435edba93e2d6b65ab69d42e03d9c802aaa82b22fc8ca28b216cb6662f9e4c8f49f076b21e105679610a04441387f03 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff61d9f4bf4258dd4c09642cf6dee31f |
| SHA1 | dfdedeb880794cd9ea0ee87c584da1a33fe79e99 |
| SHA256 | 8ca883424887f9dc88348d09c975a7b041f1529f8e403ab3b42d91c8e1f9072c |
| SHA512 | 6e6993b191a58f870b37dec4f6d2aac266536dff9709e64d81499c3db7b4afa23ebf3586f950cc89c5caea6af5e1e7b27ca7cd8ed39865f92e9862712c4045bb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 9418a68c49c576e5a2a7dad0ab0a95e0 |
| SHA1 | ae2171c48ad34adec5636fc8ad2f5fd259296ff6 |
| SHA256 | fc4507cc5c41b32aad2bd15effb386d6e93996dbda59d23e13a86b7335490839 |
| SHA512 | 83b09312636c440f85766b527e77efc90b275709ffe223a90727006feaa195bc076cf0093fd6c10ed8fa48ce88ffee345d39e8503874e5e00b19e5b6723051e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2012292a1f1e09cb130d61c1fe13256f |
| SHA1 | 8c2b3e60ce3fb74eb3e15a26d3b26693e466c44b |
| SHA256 | b2e4c37d5102be2dc24368f2394623e8ef30555ae0c74baf334a736b6929ff2c |
| SHA512 | f7e22b2d43de064fb904cd463c83a7e4f9f858db05972dc633f83ade7986588bf119d00ea6ad263a210cb9ebc8fa964061db30bc2000e54157b93886ea4dd063 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b721cb52392a63f4dd3aebb2774ebda4 |
| SHA1 | 23311f97024e492f9c6b8bf1562dc9d8290e8f24 |
| SHA256 | 45ca85fff253fdd94502bd60c239a71f4698326a1d33c1c3e5d529480f7a89bb |
| SHA512 | 6d17fed2dd23cd5a4256f7d903d6e8c4498f87748bb91a82e32353f9f6ee40bb2f3eaa1c76048c74dfbbf2a1b3f1935036f703b39c900d42c10ccdb70d02b407 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5becc22cb68290d949726bf93cd1dd82 |
| SHA1 | 6b3f1629983de8053a85cd409d5a849c30fc1749 |
| SHA256 | 7dc28d8a900e419e96fe1a9a1d7dead0985101bef333b7353a4b247a91ff5e08 |
| SHA512 | 309adf7f61567cd3c3b156277ccf5422b511856bf959e57651aa948c3ca366166a57f6bd82a2362364ba8d0f9b08d2e37ff36e92f964ff89b2522304fac9adc1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cda10ba04673617981fc87147d05c6d6 |
| SHA1 | f8cd79b243a5952ace99b3ea1680a80144a7a20c |
| SHA256 | 9d35e4d598f4118ed450ab2860d20f73210c06cd2ccc81a947f87e39c59982a7 |
| SHA512 | 21573755c899b35f01049799239824b4630bfb643541ad2c938c87dd375f5e64d4be95ee64e0075f5660c9aacad008a1fbb0ead7d6522b55d0b5c300009f5965 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d8c0aeea3d8f354f381bb32ff370b921 |
| SHA1 | 7603235c8d60ce4e9cec511217bbeeebfa01d678 |
| SHA256 | 1e6fdf1340d9e8137252600082e57f97b4680ffeefb77c2f6d2ae44632a886ed |
| SHA512 | c484f1170f693527e0fd396832af93c24c1fb7ef338084c853347b7ce5b53936194905b2fafdd18230b9790ad908cc8d8a23da242ebdb218c163be3ff6e7603a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c617f9a3f7c4dfba4c08a44c9094dd07 |
| SHA1 | 10fa8ffd27723db79574083c74522c3fabc24b2e |
| SHA256 | 4d99d545a6710d258abe2e49a44d497ee0fe689bb4193e45c2b6162f4442e1d5 |
| SHA512 | 240c3b338cce2de25f2817f15f4ceca91ce75f1b67e2277796d7a626015c3ff0c6e2b1dcb0632225787117d8dd7af82efca6187bd103c25ad03a1bd32096cb77 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 828054f83a74b796680bfae72ac613be |
| SHA1 | deb466806d3b14bb7826f11ac239317c4b113d28 |
| SHA256 | 15d7f2dff148a5e29ffd7995c6eecf2f5d75ec228e50c88014a9030ffdc48cf9 |
| SHA512 | 2315f2822ac397fe9bf8b2dfac17323d21ecd2a174a701f33699873e88ff37d4628576ba200d886d85640ea73d527de4672c86526cdd46207cc5f681760c346f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 586476bb1d2a2835541254993824334c |
| SHA1 | dc74522adf00048293473d8cc6360982a32c62d0 |
| SHA256 | de6efe8b13c34fdebe13e9b0a9516bd1692d10f82dec871602e72b70d0aad4e8 |
| SHA512 | 527ba6ee2ef467b06a63df3a3270dd6513d8088dd0148b1ebd6b4cfa8e4d765f318bbc5f55e112b2756b23e48b4bbd921175c249978fce14ad6fd3a0e273588d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-02 01:02
Reported
2024-06-02 01:05
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c6663e4ba8fe3c7c5e7c583cf20da82_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1784980232122762472,4617032061483449267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| US | 8.8.8.8:53 | www.imctsguide.com | udp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| GB | 142.250.187.202:445 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 4.43.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| GB | 142.250.187.202:139 | fonts.googleapis.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 8.8.8.8:53 | www.braindump2go.com | udp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.26.4.128:80 | www.braindump2go.com | tcp |
| US | 104.26.4.128:80 | www.braindump2go.com | tcp |
| US | 8.8.8.8:53 | 128.4.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 8.8.8.8:53 | www.statcounter.com | udp |
| US | 104.20.95.138:80 | www.statcounter.com | tcp |
| US | 104.20.95.138:80 | www.statcounter.com | tcp |
| US | 104.21.43.4:80 | www.imctsguide.com | tcp |
| US | 8.8.8.8:53 | c.statcounter.com | udp |
| US | 104.20.95.138:443 | c.statcounter.com | tcp |
| US | 8.8.8.8:53 | 138.95.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
\??\pipe\LOCAL\crashpad_1540_KMBPVHZZYMBYTCOV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8bcca650e66e2b58eb3814b29fe1aef |
| SHA1 | 4a1d5d627509199d3ed7cdf971ca1a0da9c0771d |
| SHA256 | eef68cbb9a81e6a19afa833ddb845ef6d56c546aa15ad2b45fba6c67e2f1ade8 |
| SHA512 | 7deda8819840e51b98b3c38f55831717886e00c3c3397e0d2b3b7f910610b1fbb6a751f3641c2e498d111555d89cb5e3cfb419fba60c60a629995245685bcc4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8f2d4acd8cf42d392c4a61c0aff72ad5 |
| SHA1 | 6556be14a4c5260c9b377fcb4eb7330fb44a7371 |
| SHA256 | b59bee7a0e1f7b99ac59faafea429150594c446a489dce7e320e99e2de268c7a |
| SHA512 | 52370f334264982f1dbf59a7b872835aec379a620e755838de3f5c99e4ba29e214403adccd58477d583d6966ec66e4954dd3205a8e82005421516ce386f178e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0154635500fe842b168c63e0def2d334 |
| SHA1 | ceebe0d35d4bd10ba608c7f24a6a8024024d6e7d |
| SHA256 | 81f3ab19b10b61afa2fb614b14b23d7ad1ff837e7ac059501ffbbcc0a4688497 |
| SHA512 | 284fed61f8fd5240f9d53dee70c5e02ca1c7e208077a38961cbd78b19961c292c7b6309664d02c6eb509661d1100efef005cfb3ee340c32bef7a68187561111f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f0dcfe99ead52129b0b305ef195a984e |
| SHA1 | 16ba802b3bb5411a284f1c98a66636f3ca8ca5fb |
| SHA256 | daa3e280f53d4b581d9f9fd764ce1f2c57edb79a483bc937e7fd0e62e17d6f6e |
| SHA512 | 7f6431ac84a021b8e90d8768c835919f2f42a275122350d407f81795def9becac20f70744763c5b0c6637cea1846f2dafd9ec75dc50e0b16f8b70d56fc2b8cb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 94810fb3da2f87ca285d413bfbcad0df |
| SHA1 | 9d404e58e77b53933b85f29e8ae30e4404a4eb68 |
| SHA256 | 2d698c2f696c83e1f4bcedd7d53c7efc123f41d3328847a0e83fea4a59e26f88 |
| SHA512 | d39875025d8c37fb41f4173fe12bab9ccbbf71eb5bdcb7e25fe78de4ab1c1bbfff1fc94695f200cc6be64a39c6bf4bd14fcf9a46c2220eaac9dc108cbcb47ee3 |