Analysis Overview
SHA256
42bdf6361357ff5e4934bb95a539176da86228b400d608230a8c8f38c25695f4
Threat Level: No (potentially) malicious behavior was detected
The file 90fee1b4350a4e4c06e7ee85ac69696f_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:45
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:48
Platform
win7-20240215-en
Max time kernel
141s
Max time network
119s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50DE8661-217D-11EF-B7A6-525094B41941} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004aa4b3fd5dfef54a826279fce46559650000000002000000000010660000000100002000000079e95ee40cf9b5e274162440be0255c292a66c77c1a68f8dd95739f5b76544eb000000000e800000000200002000000095c35501b4b0381308c69f28afe5ea1dd1d700bc3b1f2350bfa7df8ba15e0f4c2000000057e9ab7cee94902dc66e02bb4747a01a4ecd957c7fde181992e986041ed0b71c4000000030b25c0b9d9ec8ed20b2348f14d34f62ffc7529cf43b9cc6af0f065e67bda98c0e976b41d15c3442a16bac42c22d18f7c9e710112942f843fea0678dc2b10a84 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423562626" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800f7e678ab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1512 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1512 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1512 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1512 wrote to memory of 2228 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\90fee1b4350a4e4c06e7ee85ac69696f_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 40jtk.wdlov.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab1140.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dcd526bb66ac3a7e4e2bee3b2e370b1c |
| SHA1 | 03c1a359fb8e6ffb139d66e77893e668e76ba82a |
| SHA256 | 7cd4a0c94912d00b2c7865ff3a6acda9994e67de5cbee16293b59faf0efac423 |
| SHA512 | 87b5d31e33d7d2745ad0ce64c8d80ed4c318438a75968ab19b6c38e7b8cbb2b6a5fd7093bee81b4990f9b615f16ef5feb3dc8c0841b32856498de815dd15de43 |
C:\Users\Admin\AppData\Local\Temp\Tar1242.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b5101a084077ec0e1d07f196b398baa0 |
| SHA1 | 612294dc08c9d27c74d6e9a65cc01ef7548118e5 |
| SHA256 | bc69ab74630115f05a81be54e8ba0fa3d0a816c349a612f48878eea968a13990 |
| SHA512 | 096e64a4688fe8b297c3c183ccd552ef2df67da35db6d5f05cc2ca3ab7e899c082523d69a65895f3308b213d7a7cc287f51379b84d4cd8b0b6d63ed3d78e3741 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6b84375313a116f5c3f828a66c801a66 |
| SHA1 | a2c054943abba1d91394b47ba86b499b5c937c41 |
| SHA256 | d1fb216908f32dd5bf7edaba220fdeb2277930583211dd9d2300a3731e6a4aaf |
| SHA512 | 9e138154ad1b5fb1f8da105b45d79280eea6fe04334edd586603c2bb955593e7f6d2aaa57582c69de3d290bca42f56aeda924704f50ee049d545c6d8f55a1902 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 274e54f15716bcd5024830371fcec60a |
| SHA1 | 4064dfcfea3b69355467398399374ddccf850204 |
| SHA256 | ebc3befb71571ef99fc27db67e971d6f003f538b9d10bc07fe5987689f372aef |
| SHA512 | 180bded5dbd2b0115ff95fdfc1fa4f0f0cdccba4f72055caa45012781aa9326ed3ba455e15603523948163f2d256ee832d39d7eb7538884445c3e6ba31efb443 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6aafcf15b1e41197e6fc42f9610548a8 |
| SHA1 | f2882fa5caba3ea513eb88bf2a98da3b12c9a8b7 |
| SHA256 | e214be52d2bb0f3887126216904d7e4925859aac06f1ff2f5ba6e7f0b212c3d0 |
| SHA512 | 89966a2d8fe8ce91c8348c40ed4e70c4208e7d3278c2ff8a39b39b4598901d61499b6debe5a8f068495f34fbf5d5d3b558125365b9e39f81918852fe25dbf229 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3c2554b4e849059b4b087eeb2af040c3 |
| SHA1 | 0df83e09c677913afac5011f056d55e367786997 |
| SHA256 | 8c9b579202cc6bf2df87f12f00ec9b5491e0e6a908749c947b520c72c4f1170f |
| SHA512 | 471355aed10233cc24be998ba521d0dc5597d067893d3b13acd8fb149376f77ce54127d8696ad7d27533345b1dd1fffca3407992e7badabd4b75b8b90de8b97b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b661b82008fea13a6925cb4f10d70c76 |
| SHA1 | cfb5c574a92ca644177b02495ffadb40f265cc8f |
| SHA256 | 1006a98b2ee4a8d95371c0e22e841b3d1a5335c481054484107db9d35e436728 |
| SHA512 | 1a285a4f4d770c8e4be1576c8db1fa484066352131e6c00dcc86042587cac7f5225968044f92037d08ab9c44126e2aac8dbb3f0e8f05d2d9c9839d73fefe69b6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40752afe30a0347547dc43f7185832bc |
| SHA1 | 9589691d202543c6ad60cd8d773b26a2d6e3d94d |
| SHA256 | b743e85cde2181c4d9a7b0dbbdb99d6d180a44c80cb09570c3dd48f15ab5dd73 |
| SHA512 | 9dcffffc1293b42572f99ec9c40a22ccea27ee98d7f951333377da041fed961561f059bf7675294ffc800056b2349868420e857f0b8c71f6e4fa8509c92207a8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0b5d5c93fed6fe4f2ca0088954a7416 |
| SHA1 | 4071676820a821ff8aa9d115749b0d7624dcbfec |
| SHA256 | 76fdf9f62e9af2d9676944ba22521608bb3c93e22aa98b0e3a2b6298e2f53404 |
| SHA512 | 7eabafeeb92dbdebb5141120df0a658d363adb18b0210c48267d13020d52440e8dae2990749824b6ab70ea4ff5fab26cea86931f772feb6bcf21218fa61419aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 14d0cf845aca5650019e70bddc90e045 |
| SHA1 | 3ec7639d3403bc95aa31b1f7185ddf982e79134e |
| SHA256 | 7685db07ad1f608ebb82f291445217fe87648bf8f1892a0050773dc008561ce0 |
| SHA512 | 68f7b2054e027431e1116440f05173915732abf8e63d2f1c02fb813bb5aa2f4f66eb3adfaccf93d6bc26f82768a0dd96c1b2cbeeac4eb3e398ea914b52a96b65 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c869fb26c2023a954c48f83447598ab4 |
| SHA1 | 370e81c052aca8c3a2f14ab301bef7c4bf9cfa5e |
| SHA256 | cc2d0f9b56a24ee9f7afdf7124190ac151f0a6a8cec5c7f1bdfc563e38cad6e5 |
| SHA512 | b540cb18ea90ef13118af4cddf98ce7e996dfca61cc360b0f1d97d0c799404737bc951f57f205939154224a67737bbc5c383d08e36b22e14750004bf55824c23 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 663b5e7db3eddf68cdd528751195fc52 |
| SHA1 | e2f1b9133528e7592d89d713e8fc890dd9eaa3bc |
| SHA256 | 07aa15a359ef79fe7d0cd816ec7f33889c56c7f2f867e0025428561128670c39 |
| SHA512 | 8efcf81401ee93d4d2d1686b3af33f928c63f6a38ddc09ce897e4f48d2719f3439fa4febb137ab4ba6f06a4128767b43e9e5cb4f4a54fbfa161c4f14ea2b36c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f0e7efe23ed038cc5f1ea0e483a91281 |
| SHA1 | 754392389c39dc2f1ba84d7b08cfd02920017f5a |
| SHA256 | c6215d82372454b232007115c737cd640855598da503bbc119f3f85058e7539a |
| SHA512 | dddf8857692a3c4155aa90e21129138b8dce1f2ca5109f6be766394de11e1e95b9859eb4ff151863d3943cfe4417f02adbab7f0213be992290939d9085194aae |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 18f4c1d4f8a906e07255d43a63ac66a5 |
| SHA1 | fc07183828613d8bb35a67c41eaafd98b1c9a28e |
| SHA256 | 7bd1b5d1218ff47948fbc968f6a2a627ec5d8331f5ceec50bdc58d89cb21b20b |
| SHA512 | 772c1569b74faa34f20a3a62bab401843fe0aa4f104b2886520202c6b8fe841c14fdc21c41d6b0b0b9bbcd38c166b9deb9e78292032c7cf6dd05e828d0baf89c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1a775089c8e161ca8f65b6d371b186b |
| SHA1 | 63ea397ec3387f8b5f609091e96f2477e259d42c |
| SHA256 | d5ce80bb4c66c13c4a4325da4f4f10878bad79eaef84be1be18d1297b3ed0377 |
| SHA512 | e9b1766892a9c5e76b29db76b16f398bcac11603590c6ef85e6a5856d4f4e21e9a5e185502ddcb55d2985e3ef65a6eb877cc66dacb5b982b375e1016c662caa4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7cd63e1f644f06fd3687a07fd24188df |
| SHA1 | f52d19ee1dfd01368764acbc9f7473c2c6ac1e05 |
| SHA256 | f86fbd491cbb7bc2069f0f1e81bb2cb5822616a5581d88f524a1f2a232525b1a |
| SHA512 | 48945f66c3a39cedcaabb0ba48c88e1b6da5330571447404168513109a42817a887d97572c4415a14f219cf935183d1868e70c1edd20f7c082b2f46b48bcfed5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a6755a3a3ce07f373d99571f334e9ee7 |
| SHA1 | a93ed4af21e03a5b5fffcc6c23aac234a0671c28 |
| SHA256 | 54e14b19a8447b72cd583ed6fc738f8d4628df66e63975b6a982f732ebdde299 |
| SHA512 | 72b1075b3d25ad36e7aace1f30992f4b2cb36d0a5fe5f75e7f5e7b78dcb72940dd63d60b8851e314ae5cb21ec9b71fcfa999b7f1a66e5b8cdd0e54f611e9497b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05f3f155ec00f4cfe9232806497359dd |
| SHA1 | d2cb576a330b83d57a28d81808051bcd911078a3 |
| SHA256 | c2a5d51a26136f0d73d60c004dc7a24b96c19066daef7d47d03f8856b06c7ee5 |
| SHA512 | 224974c7541d60288ff9ee39a812077166f848243e4218b6d5c77a9138354f4a34043c0398362a57dfbd4d6cdc21b080f72e31dde0bee3698663af4404774038 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 11ff435fa4457b34e1d4894a10099e86 |
| SHA1 | 90f1b6478ca188072c6bfc62b26b00fe21b685d2 |
| SHA256 | eb396086be9ff51b1ff6ddb3b7f920e65a65f5f9bcd4f36f36578020fda8abe0 |
| SHA512 | 56b00ab01913bbfe13bbf62072b271dd596c97442430bddaa4fbe02357f3cf006a328ace77ed65c8876e4cc3bed10f6dd1c728b8e23aaaaa18c756dbe9f9e9cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cf870a33bfb85f4e95629834ffac0714 |
| SHA1 | 312f184829b9e623e7df259ac3d97a8562af8551 |
| SHA256 | a796534ca77550cec0f26b3db930012213b0ef38b165b85c8100029cfc540c53 |
| SHA512 | e3f81fcb50f023e900ced49f6d8f507e76a16177fc01d31dbbef9af16883bc67a51273ca64028cc9c0a4e44ee887ed3920788b30bcb2c2162e84760f71229f36 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:45
Reported
2024-06-03 07:48
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\90fee1b4350a4e4c06e7ee85ac69696f_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16009654784441421170,2688874455802067110,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40jtk.wdlov.cn | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | 152.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.93:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.201.94:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.71.91.104.in-addr.arpa | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
| CN | 180.101.212.103:80 | bdimg.share.baidu.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3160_SJWMDDNZUFFAPOYC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 171e1931b06d23222577b1059b6d775b |
| SHA1 | fbfeb60b15cd9d0f9f67ed720ffb7e680a18e15c |
| SHA256 | 51675b3c0558cd6833204f91b0c09ab4b8e01fcbea3111252e25fd8a215b1974 |
| SHA512 | 4cc85845b712a79f6815e1764172ad6fe939bea0c04f531537b4414b79ebfb42cbcc588fdc875253d8ea19b2a2d5631a9460c5ff8c4fe7ea0e30f330a2a66169 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9bfeac546f65d9eecb13413680140885 |
| SHA1 | c4cf4170d22b92d3682e7634b54b102202105b26 |
| SHA256 | 577be49a2733bac3e7911bfd5615e712c9acafe1f354cce9635ec0bf270be193 |
| SHA512 | 7f54e0ad69408137c2c94edb6f9843949728c1413c4b3496fac988c0c07ad8973045e0fc2de582fdd65a9afa72e50906f5d893437bc17c187ba5426699d73d76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41db1c29a16daaf25de59953dc44be01 |
| SHA1 | 806d34ec0c3136997c3a71772043fbf60190e5dc |
| SHA256 | e33933eb50bbd16fca87d5a8d1344e6b1e246a5cd8f546008ea968906a31bc44 |
| SHA512 | 8bea2621084b5e3cf8f712c3191df4e33c91742d3ab33b4cbf4168e3ce4ff4bcf36c45c1b6505010043ba37fe15296250ecc288dff554c9100a7d460f2f11852 |