Analysis Overview
SHA256
3d0349206883bab7f790e2e4a998872ca327e5bc72018bba122c65b3a4b080b1
Threat Level: No (potentially) malicious behavior was detected
The file 910af9415e1a9d6516a7f3e514246c43_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 08:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:05
Platform
win7-20240220-en
Max time kernel
134s
Max time network
129s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A3CCDCD1-217F-11EF-BE0C-E2E647A5CFB6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5096a0788cb5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563624" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006d05402cbba2c14188766fdc5d76215c00000000020000000000106600000001000020000000087da1329ed9dd774608f65d016628e1b8278b432c404a042d0ee53d6d557d63000000000e8000000002000020000000ce3dc8f67062bb8abc70920e1bf02999f08d1de2654b29fb4718c8bb13a1cfe72000000020c02f1c986b274672276c82b31a18c00c7f96c729de3a6db80ece32a6d3dcd0400000002843260383696531efc3113f8ce406e53967acd918b89854e6ac83d89b67b5496567bbe06d14aadd71f26930f4c8e581bdaf55cdbd11f1a2f5a470b14d2cc1a7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006d05402cbba2c14188766fdc5d76215c0000000002000000000010660000000100002000000014de950d88ff90aa895df916b74a1a948c0fb89fce0e6452c0931238cffdeb9c000000000e800000000200002000000038b844927495d9979febc3c874aaddaa0bb89c254a6df8c1502a32d8ff54f80190000000068983124ff735abf752115fe58affb1653dd94b103b466de3237dacc33053b3079a2ba0b5f29219e832154b0b9def3af20c5c33719deadb53f5a784af88c2d485080df49543b0f6aedbe77ed34aaadd5bcc3dd420a3905edf4c64d3fa79c1462b3cdb00693b0522ce6bddddbcd63bf20fe88118aae3123c88f203829f8966b317589b3e0e63cafed92b240f7c6bb36140000000444af9cf05fefd3076d3d6516d54482a81885da4b01ed74bc12dcfb7ffc2fca61cbb0c99f52cce152b3fe39e3aa3c2926840f18a7d0b0993f7f25111bf4a556e | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2932 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2932 wrote to memory of 2564 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910af9415e1a9d6516a7f3e514246c43_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\Cab22DE.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Cab23AC.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar23C0.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 32f9d31e8762946ee838e7a84737c98d |
| SHA1 | 4206b5b59c421687bf8fe65096c608ad07e2beab |
| SHA256 | b9c7fce870c8e929d6b966970d79154e80d57404e47f15793831e8dda9a57f39 |
| SHA512 | 15a83b2c1b533f683e8701c3acf755288e27089464982b84ee3ee1837c5cd8fff37f31ff39a464dd418a8783723fcdb1da4ada5580afbe7efd2fa80109b57d6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 567b852fbe5cd7527e55c8fdacdf30c7 |
| SHA1 | 60f9cbb89caaf1747993bca4469769b5dea7551e |
| SHA256 | 0f96581bb9cc2610c6b27dd13232f81199aa5982098327ea64b56bc69db30bf5 |
| SHA512 | e6f4fa8dd957bc433aedd488b97516a06e9b0f781dc128252232a9792451c45cac2e8b7c780b221e349dd163ec3c7a68e246defd7b0e7c3db2d3618c5ea3e9e5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0371938ee244b74c4b0a9a33d7dce852 |
| SHA1 | 6d20eb17b7c1781abee8da2fd2b626f591007e69 |
| SHA256 | 7e25a9704b3273725f2402035494163326baca8e34242401adae90307797ebb4 |
| SHA512 | b1fd12a9eccdf4cfd9b8892c5005b8107ca679974bfcbabe786a3777d7410897c23e6a3d92b8571d613334c8269738321652c3322a5d37dc904df7849a1fb1c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3993d0863ffa408de42829be5bae90bc |
| SHA1 | bb158d62d25b6d0f4182ddcc3197af393d97500e |
| SHA256 | e9a5440c6643b8f24cdef0ec023e7ef1f0f17994c576e3c53fa339b2369a7a7c |
| SHA512 | cc9371f940d24b85c4a4b35e2525809ce5c6ab08053fda8b5b29e3e023b7c4f296306cb393eecf795a36579afdc3fa8c429cae5a0939c2db1575b9267af6e2ff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 388d32707c0d20f9bd32a4948ae0279a |
| SHA1 | d33deea10e0a765a7c28d6658f3329d39ccdc911 |
| SHA256 | 7ff250a751a0099e79c692c5216fac86f0c6fe7455c7e8a31930e07699cfdcd7 |
| SHA512 | f79a0a3ae67f945bcb69e656d64e5e79c302d5ebce909b5f6c8f22a6c13f2e916080a523b6646173cb879694d76d86ddecfa28ea2f677a6917f1a83ab455d2b7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 96e1ca4d5840dfba6d7e1733cabf7e7e |
| SHA1 | f24e7475617ff2565c8103763d206ba2a99ebbc5 |
| SHA256 | 18c12445eb260e3b93fd116d23dcdc48edc1e890601463eae058b79e2b5b9e5c |
| SHA512 | 7780dd8e6d1afc32d73e7b8ec7b4efd72e0d261448a5fb2d85fe71a0bc13bcbc6d0662c1d2aeb0240d7082369545cc9e8cebeabcc0640cafc2f4c90ad48f5c69 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0bebb24c8844bff2a1b141267597a547 |
| SHA1 | 2dd789202d35431d1c13cfb5a712d82e516b294b |
| SHA256 | 0e87c0284ffda5d29e2e17daccd3e21fba374e9fa859efbc1f22bcf3b24e97ee |
| SHA512 | fc79d6c8e0232a2596aa05f41cdc3168665f5f455dde65983a16b56bc49e4e08c332984f1cb5568a425c648a583b242c2dd9bfdd2a5928c37dacea373f8343d1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af5381de4063b28f21c8557bacdbb307 |
| SHA1 | 0ddbec798819022e20fc6889eed1867476b4748d |
| SHA256 | 6cca59b3aa1e56c90dc0519e28d9796519b067507413c79166c9898dadd51b6e |
| SHA512 | 9a1d92f3192abbad81311048fd0bcb8a58b3f94763bc93eb2cbdfd423621ec040cf90a667bcc786c6e833142962d102439d3bc4d00779fb185353c39721c41ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 825aacd2b45b127e7298944ddc042f9b |
| SHA1 | a84c77fa29a1e4c374d0cd9b00b24c074ec0e082 |
| SHA256 | f26c37cbcbe00a9325f3dd5ed23fa5a3f840d7b3e464fa4ab46bee3d196f2241 |
| SHA512 | 7efa6712db01d5acf6bd5bc07241878666f4d9b436e4942ed1c4f77b291a2d88a10aa71fbd134f6b4d440bb91b6b9f332a4ff17803d3c8a2f6646ef0fb485752 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4fce08568d70c41f3087e6d21ac3ae9e |
| SHA1 | 256186a3d74f4c191c03c5da4a2e7af938635013 |
| SHA256 | f0df1e498e63973682165de3680b85bc6dd897df0501391eab0ee23eeb9d572d |
| SHA512 | 619d2ffc1f12a8d74e25566ad8e5d39d7ce5df5f234b3ffd91a117acb7f942cafda70b737455224d039ac7890d8356976d1215340374fc7fd4f113be8a7e2905 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d5e41b6508ad2501d42368e32c3b9add |
| SHA1 | 1bc7ccaceb16f7dbc1723f79165fbb5799283c8a |
| SHA256 | 9cfdf84331ba1cab1394ef31638ff5c477d39c57e7309ba65bf389b73919780b |
| SHA512 | 36d82ef0a07f4a1b83776222a3f91240c2ab0061b904249f856fc3ae8a2ea830d772c89102a68123e30a473ac84ee04c6295364a1cc6f36dd5a31728972e0b89 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f4d747af76632c5ab5ac238a269b5d6f |
| SHA1 | 84cc7d09d7fcb4aa3522af3321679b08c50b42b3 |
| SHA256 | b84ae6e039003b313666a75325f839022d0526d019be0b7276eb5ecc7cdd9094 |
| SHA512 | 44bd0a100d5bebac1c9131dd939e5dfd9cf9fcd692ecf00afb421a167c3aa1c6aca81ab71e4b21187028010035b37d864c3ef64b2c59937ded8495aa22b228cf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | faf64ed1bb295c4abbc0478711eb770e |
| SHA1 | 42cf35274ac491cd0a4c2bd26592c0325412d2d7 |
| SHA256 | e0564ba3e028207d01129a294e65c4ff40cca5c30d63b3249c31ad498efb477f |
| SHA512 | 2f2c10922e5e92b3fb08b90f120191632fd4209ad8885178a4ed8a11fca7441b7fc3eba76545556df928923c2c63e3e995fe6f682f7365b70ec23ba378354cdb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8ea6bd3d4135ff7846ee2802122e2c7b |
| SHA1 | 20bf40a345ca2c14ac93273083f5b4caaa94a701 |
| SHA256 | a1178e37185a27f4073fc5f228a81ffef3f57b6c8c64cb1be75c0c6f7057088b |
| SHA512 | e309bc79e7dcdb6f75540b5f25b761b9df3e31142ac3ffcc6ade120b6761ff6fae3d21fe3788d55a4491686962d817c6b8491228b21c2d317ccaf35daeb25ce0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b7e1c67b694e9292685e3e8494ddf177 |
| SHA1 | cbf3a8e38fc0a0d1454cbd398f1b59e63565cb87 |
| SHA256 | fabde1404af083fb9e7eedff7211d8e5341f5217652c3b53ee8570b9dd202a0f |
| SHA512 | 4874ba21a6faf8a25f1abb1826d478c11521009d9bb6517420ccb4c28293f063dc3392b96710f5e5527e254d5062c868a45ddf940f6dd987a8138aa1e347d174 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3721c45b077b97fef16a60fdf2b60f8d |
| SHA1 | 200007604dc8716e7ce93e3c7115677361584aed |
| SHA256 | 601588e0b16c6a8f58558e0b10dc56c6522915231f59c5cb7a698355eb968169 |
| SHA512 | 7b3a3cc115751edc36731a84d89e45ed03ab1be0181fdfbcb4231fda4b22a6ce25af06f77dff9ed1a0dcf836c0378ad42fe6c79581d4d5d6ee9eb38a3f99dc94 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fadeeb2369e3b93f9d3353823a9cf2de |
| SHA1 | c1811f6825c31300b66d165229c19a9b19af630e |
| SHA256 | ea8ef1a1abff4f0f85c3a236a9f79e2c3666f96889400471db89c610d8b24256 |
| SHA512 | c24305e0b17eb45cd523de1f0366ae0724e56254e9b565f2fd79e99033f0d1dbc8d76254caeb212d50857f32330296ec542368126666d98c3ccb5112c26aa491 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e60fd5828af5ebb4b2441630e5668297 |
| SHA1 | 32f068a7b04e9fde8bac3c0313027a64fc049971 |
| SHA256 | 3e631ae5b3c6625c4404b259043b3bc806f2760c54cfcd897de25a3d05668f2a |
| SHA512 | 1df557a2f88145d738653b80070c2ac38a5f81f076c39a2f1195f4a5829b72342b6b75455614fdbf9742db8cc8bc2f33bd8ccf43d2e79dce46cced2aa8c0fc84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa096c95d00a65e21f81102bb4a33f9b |
| SHA1 | 2f8fbe32ac08b3c74d92b14a0619d88e002ee951 |
| SHA256 | 4b8326910abf759522413a4d9229c0158562a6fd2c3778fe17bf812e676be18f |
| SHA512 | c35778b5da720f9643c3430a448e79c53817e9a92ecb663c2fa55ef3bc35ffc3fb861df1d16abfb53cc3cf679d4a0f394b1fdc5dfd4b368617c158bbefa68466 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-03 08:02
Reported
2024-06-03 08:05
Platform
win10v2004-20240426-en
Max time kernel
145s
Max time network
156s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910af9415e1a9d6516a7f3e514246c43_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8432941546798885099,7643615245170049693,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1752 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.now.sh | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 76.76.21.9:443 | party-nwvqdtumtz.now.sh | tcp |
| US | 8.8.8.8:53 | party-nwvqdtumtz.vercel.app | udp |
| US | 76.76.21.61:443 | party-nwvqdtumtz.vercel.app | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.21.76.76.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea98e583ad99df195d29aa066204ab56 |
| SHA1 | f89398664af0179641aa0138b337097b617cb2db |
| SHA256 | a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6 |
| SHA512 | e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f |
\??\pipe\LOCAL\crashpad_4508_VQIVGLXOIFEARGRE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4f7152bc5a1a715ef481e37d1c791959 |
| SHA1 | c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7 |
| SHA256 | 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc |
| SHA512 | 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f7a5d2b77792e45becd2a27fae5a4d9 |
| SHA1 | 64114ff166f6df8170e48506f0bb52485deebe4f |
| SHA256 | ba5a9596ada3a4741e1c126ec778a471bbc738faa0f2983b3cb00d56eba97084 |
| SHA512 | f9d5b90211cb80792cdd5781ff14279cb55c3d5ef6e49ea4473e42c765748493de1542a71ec6daf2b7750191f2ffe3d2d539bd5535c8fae66630052571c81ec7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | afd3cb70b1c6e692f14d537e0f7c7c31 |
| SHA1 | 8d2bef3e95a373a2b70eb0738b473db2d4c44231 |
| SHA256 | 3f6c56b101cd54700d87533ebb3304e9cb752d66564deed4dbaf080e9f0f217f |
| SHA512 | 55f0d0d84c65ad51380b783be81600686f6165bbe372710499383623e34ee67aa9b2e669b5e996f76410ba1a4b539b8bf5d866e6335a710222fbfe72224b7c46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d8cd7aee476f0b1818bf0490cf74c5e6 |
| SHA1 | e7a3c939f8e76d4538991fc077e1470d52d9b7dd |
| SHA256 | 7b11ebd4d6674eee55989d9007d4c9ee8dad2b55d6c1c02827dd930e183d6552 |
| SHA512 | 92d6afdb0a3d161a32673d3e5291365d149db285a54c5848cb31005b0eb01df459c2f868b1f93dd7ec8efa4596859ed5e8712fb8c81af207cc37d38e3e78fdad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 63e94862b42530f86676ad4d8dad984d |
| SHA1 | 3fd2230f79711e641c7d8bc1fc8f6d671319aec8 |
| SHA256 | 02bd271fbf1d8f8cfeb229ec24d7bfb1c261116853c2e66a3f5d0b3536f59a25 |
| SHA512 | 8f57ba1d96f3a97a7867f7eb43efd22baea3a78766fd88e87affcbc1e2e1699de833cbe9d78d22fa784ebf9602bd2006ee315ea13aebbcb79b56ec137c7a5aff |