Analysis Overview
SHA256
d9db610f3ee680456a5523d706c1fa3d657962573241249dc51279c02fe6a8d0
Threat Level: No (potentially) malicious behavior was detected
The file 9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 07:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 07:58
Reported
2024-06-03 08:00
Platform
win7-20240508-en
Max time kernel
118s
Max time network
128s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B24D0A1-217F-11EF-B27B-DA219DA76A91} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563368" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1636 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 1636 wrote to memory of 2748 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | www.feedburner.com | udp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | accordion-for-blogger.googlecode.com | udp |
| US | 8.8.8.8:53 | gostats.vn | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | bachkhoamedia.googlecode.com | udp |
| US | 8.8.8.8:53 | maphim-net.googlecode.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.187.238:80 | www.feedburner.com | tcp |
| US | 104.236.14.237:80 | gostats.vn | tcp |
| GB | 142.250.179.234:80 | ajax.googleapis.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.187.238:80 | www.feedburner.com | tcp |
| GB | 142.250.179.234:80 | ajax.googleapis.com | tcp |
| GB | 162.125.64.15:80 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.179.234:80 | ajax.googleapis.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| US | 104.236.14.237:80 | gostats.vn | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 162.125.64.15:80 | dl.dropboxusercontent.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 162.125.64.15:443 | dl.dropboxusercontent.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | img133.imageshack.us | udp |
| US | 38.99.77.16:80 | img133.imageshack.us | tcp |
| US | 38.99.77.16:80 | img133.imageshack.us | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 2a267c8371f84045236028d9d98b0988 |
| SHA1 | 689e34bfc1f5b0d068c4ee62baca3e32f2a8e2f8 |
| SHA256 | 3e6148f5d2f700962e4ca856d369cf61329d27095aab4081997a69c337194f4a |
| SHA512 | 7da74e5c2144e31887d70c62f623a0271b33153f0be825828f006ecec9fcb7d1f006249171b2b6746953cec27ce3ef159f980919e2b7ac996ae64d2519938e5c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 37328a6c21e09b698db608728c6f2a02 |
| SHA1 | da01f6b832a7756abb1b5e87fbc360f414349ce0 |
| SHA256 | a4ec69c7eacf005105c88e0483e325a6b263aae9ec97f5bc9fe1393ef2e06cdf |
| SHA512 | a3c9f5bf01f6e92b5752c4ed03a35c7e9c2b2b718ceb511e51183b0f9316a301b95e58d3401047e1c5e2afeb8cecf826e4213c05cbd5776177fa4334aafd2447 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ed5ea707bb027129e2ed5c06cd15c8ae |
| SHA1 | 18c879b96388826b5bea4d5db713fd7d2d1a7146 |
| SHA256 | d2618bb0edeadfc43aa568a315f7bc367759e1b97d6d89c33c27fbaf2069fedb |
| SHA512 | c5f92665852756b45b9560c345f4df205cf832b546a649ba622c7b09f2b6ff0d0fa0518ed9e2f6f3f2a689744fa9821b3d6b00f8723858d619266519f905f377 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_827A2BD464611B5891D523F77B43FEB1
| MD5 | c60df2cdb9f5947f68f9178d367857d2 |
| SHA1 | abddb306ffb0974fe688dcdffc46fc1df03ba3d1 |
| SHA256 | 17b52e9c7c8a07bef9aef7d3c2408d6e7941ad67f5bc21ea7f361d6fd3c5a264 |
| SHA512 | 6624cc8d6fb06415231d66a6f65aa5568e159c156d1d9a9cc926ad22035445e5a60d52d1a5f1d0f933b9d60dfb19613c9eda95eecaff8aa8bc5c81496e981b80 |
C:\Users\Admin\AppData\Local\Temp\Cab2934.tmp
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar2A06.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e48798ca3aee493a2c38779d9d2c82c7 |
| SHA1 | 125dcb09eba03272bcf30956f1707286ff45db43 |
| SHA256 | 5e44ac000e6ef273034d60b7cd002c2775ae7a975434be6d98a3a1de9814f163 |
| SHA512 | a29dde2e9c23b0a9ec1bcc840d4208d937b3f455404fe7ec12e25a5114bb4ffb32b9da8a6f87ae9560fe4f904fce29cee00bb8eaf5b344f1162c4bae53b76ac3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8986c2113e91e7a268cd5035db592964 |
| SHA1 | 6980cfe8a2a1fe7c1adb55bde7fcbd0deafea486 |
| SHA256 | b7423497bea94822c902b5c1327c0b7744c086812d1be16cad8317c1653adeb3 |
| SHA512 | 55c168ad7d93c5d0d755f465f4179e5574102d777507e8e10a1effa00ab2d635882bef4c73f157515f056e8801ee9aa285c4203ac3f0d85cf11a0e9369f66e9f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 086a91b64d95979ee9db2fdbffbec79a |
| SHA1 | 3050d0f422570baf19b112cd79750f73b233b261 |
| SHA256 | 2c5b95c6519efcc6c5402ef14a8476e236f74f81461dc320dfec104559e872ca |
| SHA512 | 66753d079246d8c3e0e04336068bd0769e14816b3726f6ca201c650ed0f26824754f3c56325715ba98211a205404653292c4aa89952c2d9808e76f7728292925 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | ff1beda26e35f47703b30fcc50f103e0 |
| SHA1 | f5a0ed53ae19269e0ebbbcb4823d87dad725e57a |
| SHA256 | c9dfd9b3506f6232467a4a21491aefe62b4d7685027e43deb48709b97a2cc8a6 |
| SHA512 | 95289c037f0d5ce732abb054908515bb9323e113523e6f55fed3fd073a51490f2255c6f82806cf9d7453674eb47798dff2f606bcfc94cba81bd1b69eaf633241 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e199a164184c304fa37c6eadf27decda |
| SHA1 | dc6b89b50c33226b362545df8956b8fab8aaa2dd |
| SHA256 | 5e9bbc6d6cd38bbf7bf67184fe08a49d3628f82e71dbdb9fbf758b7cd69547e6 |
| SHA512 | 652144018e84ea2dba10a103082fefb842c7bad768b0c2f74b45f861ee78352484bbe5dbdb8af5bfc601778eb1e667445898350851c63d21b61d937db2e94374 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a7172a92dc080723661b592e3d8c0c29 |
| SHA1 | 34add74224dd1109d689ef3ceffda50ff1b18695 |
| SHA256 | d9a86bfc10d29618548f5c86336e4d4cac5e309487dd906b90201cf79d1ec8a1 |
| SHA512 | c11fb5ba3a58008a963e75b5ffafe316a2f30afbea69af6bc93354d360e8a3aaaf7dec946a297999cc6f17b1c5af9f5cd8d19469f00d075f0bcbb485b27492e0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b433f0615d720871e14b84570619a046 |
| SHA1 | c9d892a9b091bcb06b1365ce253e4ec64f598d07 |
| SHA256 | 4ebbdd33144975e167fe343861f59a037910dc8291f72085ccd2dcd845f2662c |
| SHA512 | 7db7dcc73c065f67b31a750d3b62f6eeee8dd63ae3f27337329b565c78ce9e0c843e07f5fa25a19c0ab667e825d2a544ab60f41a1a05ddb940dcb9543d421a68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6780fa8645d008ec44d672a909e4a760 |
| SHA1 | d4ce55c2fbdbff29bbbcfbf4eb829c7781a0a7a8 |
| SHA256 | ba1ae0ca4465136de35a96e95c4deec573b2cfd25b762282ab991f847fd798ce |
| SHA512 | f25d1489bdad6a133b58e157316b484fe62681597f291425395620d53e866f0e0463b441beb781c5541b48411381bf6eae2ba6861a908872e284132ebf81f7e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a2d8fabfad670543d7eef717026cdc48 |
| SHA1 | 51bd546d83b94db1a0f1af7fa713c4f92948c803 |
| SHA256 | ee04716deeae0fb4f730c4576ca953d3368addea936e818865f2cfc2b9e44cce |
| SHA512 | 89cd686d01ebae803c071a4673b13eb7edb0a862280ccd3b565a3cb06141bd4578ef9ea66486267449560434da377068bf8822656223666419303dcaf848d4b8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e466fc78e8c6ec7ee82ce696d83e94fe |
| SHA1 | 2431a842147e28ff136f9f5c80e753317b8f3109 |
| SHA256 | 51c4ccfb07cc6eb439144609f7d5d750577c6a772e9e4137363270d97db4633d |
| SHA512 | b27dd7ca20d5c26420663c3cd38d45bdfb2c5dfe5c2d1c093bbb6df654e06f30abc1f7a6a9843ef6b130bfc172c12e58f72134b96ecfe541ae9fda295373f7af |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 07:58
Reported
2024-06-03 08:00
Platform
win10v2004-20240508-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9108047639ffd2b1cf51b7055e7f966d_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0ef46f8,0x7ff8c0ef4708,0x7ff8c0ef4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,309514644049099653,13494833247441547752,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3120 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl.dropbox.com | udp |
| GB | 162.125.64.15:80 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | www.blogger.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.178.9:443 | www.blogger.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 162.125.64.15:443 | dl.dropbox.com | tcp |
| US | 8.8.8.8:53 | bdv.bidvertiser.com | udp |
| US | 54.241.51.109:80 | bdv.bidvertiser.com | tcp |
| GB | 142.250.178.10:80 | ajax.googleapis.com | tcp |
| GB | 142.250.178.9:443 | www.blogger.com | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | gostats.vn | udp |
| US | 8.8.8.8:53 | dl.dropboxusercontent.com | udp |
| US | 8.8.8.8:53 | accordion-for-blogger.googlecode.com | udp |
| US | 8.8.8.8:53 | bachkhoamedia.googlecode.com | udp |
| US | 8.8.8.8:53 | xslt.alexa.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.feedburner.com | udp |
| US | 8.8.8.8:53 | 3.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | 1.bp.blogspot.com | udp |
| US | 8.8.8.8:53 | maphim-net.googlecode.com | udp |
| US | 8.8.8.8:53 | resources.blogblog.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 2.bp.blogspot.com | udp |
| US | 104.236.14.237:80 | gostats.vn | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.187.238:80 | www.feedburner.com | tcp |
| NL | 142.250.102.82:80 | maphim-net.googlecode.com | tcp |
| GB | 142.250.178.9:443 | resources.blogblog.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp |
| US | 8.8.8.8:53 | img133.imageshack.us | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.64.125.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.51.241.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.14.236.104.in-addr.arpa | udp |
| US | 38.99.77.16:80 | img133.imageshack.us | tcp |
| US | 38.99.77.16:80 | img133.imageshack.us | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| US | 8.8.8.8:53 | 16.77.99.38.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| GB | 142.250.178.9:445 | www.blogblog.com | tcp |
| US | 8.8.8.8:53 | www.blogblog.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4158365912175436289496136e7912c2 |
| SHA1 | 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59 |
| SHA256 | 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1 |
| SHA512 | 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b |
\??\pipe\LOCAL\crashpad_3840_WUMRJSPIWKPBYZAP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ce4c898f8fc7601e2fbc252fdadb5115 |
| SHA1 | 01bf06badc5da353e539c7c07527d30dccc55a91 |
| SHA256 | bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa |
| SHA512 | 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00a386242c955b58f786733e93d955f5 |
| SHA1 | ba62f8218d3e5b78862fb1a9e286d5ffa4ab617c |
| SHA256 | c014b3d7e158420caba1fa20e2493e3735b8f2a1861f2d1a30ff3e11b9d6410c |
| SHA512 | 400157f1a279500ec0e4879d23bc61d937054c2539d5ba9f33805d3e009a5cb0fac4d577b37a1769ece5664f77371e0bf89bc21f87bbecf993707f8dc93ed092 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\88c21ebc-eb65-43f1-8ecb-212ffff53b06.tmp
| MD5 | 884c77a4366a0f532c141cbe1233f6f9 |
| SHA1 | 09bb7d9d56b8fa009f1a1e0540479c48c6bfb193 |
| SHA256 | 1552b735d8f3c8ad697b7bab3756af7c3e34ad322524b04e250aa6320c2d2bf4 |
| SHA512 | d68f89a07eed1dbd49e98788a9807a3f4beda8539738ecd3254dbc1a47df5d4c2bac440237feddd32f29efc795bf93be0cc27b6bbf37453b018ffe5afc27b86a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\da5dad5b-5be3-4fb7-bc99-fca080fa5ef2.tmp
| MD5 | 2a4bf2d9bd231bffb2d85bd1b70b0e68 |
| SHA1 | 0eff0a3fbf9d0269cec71cc86892561c578c07eb |
| SHA256 | 74cd076e474d074340cf1ada1f0d242cdc0b975fc9f8767d0fdf434ff0efffbe |
| SHA512 | fea722a8df0493d3bdff2400adf2f4142248f25b3c39caad1a8fe6411495ac0a7cf921d5c511edbbe5731941293096d2f02605e8f8d5695ae809babbba90eaad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0435a67ae41fb62104824a4c8b88c0f9 |
| SHA1 | 38e2ad04be495c4cc48e3340d4e38b459c2148fa |
| SHA256 | acc206e1899d52664ecd3ead42ed00150063ccccbcef62d89ef0aa28f6a0a86f |
| SHA512 | 0355c683f46dc8f77a6f9be3232e6dcbaa61ab2aa51bb710e6d021905f0eb5917ac3e17308efc80d6a2576548836d0597b405894b3c7da6d9b3051c611d39c33 |